发明内容Contents of the invention
本发明为了克服上述技术问题的缺点,提供了一种可快速捕获特定目标用户所使用的各种WLAN终端设备的MAC地址的方法。In order to overcome the disadvantages of the above-mentioned technical problems, the present invention provides a method for quickly capturing the MAC addresses of various WLAN terminal devices used by specific target users.
本发明的针对无线局域网特定目标用户的MAC地址捕获方法,AP为WLAN中的访问接入点,STA为用户终端设备,RSSI为接收信号强度指标,其特别之处在于,依次包括以下步骤:a).数据获取,选取与特定目标STA相距较近、与其他用户相距较远的位置,基于信道扫描策略、时间阈值策略和数据量阈值策略,获取WLAN内通过空中链路传输的各类无线帧;b).基于哈希表构建状态集和更新RSSI序列,设集合 为一个STA或AP的状态信息的集合,称为“状态集”,记作:According to the MAC address acquisition method for specific target users in wireless local area network of the present invention, AP is an access point in WLAN, STA is a user terminal device, and RSSI is a received signal strength indicator, and its special feature is that it includes the following steps in sequence: a ). Data acquisition, select a location that is close to a specific target STA and far from other users, and based on the channel scanning strategy, time threshold strategy and data volume threshold strategy, obtain various wireless frames transmitted through the air link in the WLAN ; b). Construct a state set and update the RSSI sequence based on the hash table, set the set A collection of state information of a STA or AP, called "state set", Referred to as:
其中,为长度为6字节的序列,存储STA/AP的MAC地址;由于MAC地址的惟一性,可将作为对该状态集的惟一标识;为最大长度为的序列,存储已捕获的源MAC地址为的各无线帧的RSSI值,各元素为-90至20之间的整数值,度量单位为dBm;表示实体的类型,表示其为AP,表示其为STA,表示其类型尚未确定;:仅当时有效,存储该AP的SSID;:仅当时有效,存储该AP当前使用的无线信道号;:仅当时有效,用于索引该AP的各STA子节点,是最大长度为的序列,各元素分别为各子节点所对应的STA状态集的存储地址;为布尔型数值,指示内的各状态信息是否完备,当时,用于指示是否已获取该AP的和数据项;当时,用于指示是否已将该STA状态集的存储地址插入其父节点的序列;针对步骤a)所获取的每个无线帧,基于哈希表内“MAC地址→状态集存储地址”的直接映射,快速查找或构建该帧的源MAC地址所对应的状态集,并将该帧的RSSI值更新至序列;c).更新WLAN的拓扑结构:根据标志,确定是否处理状态集内与拓扑相关的数据项,,和,根据帧类型和子帧类型,判定状态集类型以及STA/AP之间的关联关系,构建并更新基于“AP链表+序列”的WLAN拓扑结构;AP链表是一个线性链表,可对哈希表内的AP状态集进行索引,AP链表内各节点的结构为:in, is a sequence of 6 bytes in length, storing the MAC address of the STA/AP; due to the uniqueness of the MAC address, the as the state set unique identifier of is a maximum length of sequence, storing the captured source MAC address as The RSSI value of each wireless frame of , each element is an integer value between -90 and 20, and the measurement unit is dBm; Indicates the type of entity, Indicates that it is an AP, Indicates that it is STA, Indicates that its type has not been determined; : only if Valid when the AP is active, store the SSID of the AP; : only if Valid when the AP is currently used, store the wireless channel number currently used; : only if It is valid when it is used to index each STA child node of the AP, and the maximum length is The sequence of , each element is the storage address of the STA state set corresponding to each child node; is a Boolean value indicating Whether the status information in the is complete, when , used to indicate whether the AP has been obtained and data item; when , used to indicate whether the storage address of the STA state set has been inserted into its parent node sequence; for each wireless frame obtained in step a), based on the "MAC address → state set" in the hash table Stored address" direct mapping, quickly find or construct the source MAC address of the frame The corresponding state set , and the RSSI value of the frame update to sequence ; c). Update the topology of the WLAN: according to the sign , to determine whether to process topology-related data items in the state set , , and , according to the frame type and subframe type, determine the state set type and the association relationship between STA/AP, build and update based on the "AP linked list + sequence" WLAN topology; the AP linked list is a linear linked list that can index the AP state set in the hash table. The structure of each node in the AP linked list is:
d).以时间为周期,对WLAN拓扑结构进行遍历,利用WLAN拓扑结构内的AP状态集和第一类STA状态集,更新现有拓扑树列表内的节点数据,并查找、标记RSSI统计均值最大的STA;第一类STA状态集是且的状态集;拓扑树列表是采用树状分层列表的形式,对WLAN拓扑结构内的各AP状态集和第一类STA状态集的输出显示结果;是对序列内所有元素的统计均值;e).以时间为周期,对哈希表内的第二类STA状态集进行遍历,利用第二类STA状态集,更新现有未关联列表内的节点数据,并查找、标记RSSI统计均值最大的STA;第二类STA状态集是且的状态集;未关联列表是采用单层列表的形式,对各第二类STA状态集的输出显示结果;f).判定特定目标用户的MAC地址,当步骤d)所述拓扑树列表内和步骤e)所述未关联列表内所标记的最大的STA节点都保持稳定时,比较两个步骤中STA的RSSI统计均值,两者之中具有较大的STA节点所对应的MAC地址,即为特定目标用户的MAC地址。d). by time As a cycle, traverse the WLAN topology structure, use the AP state set and the first type STA state set in the WLAN topology structure, update the node data in the existing topology tree list, and find and mark the statistical mean value of RSSI The largest STA; the first type of STA state set is and The state set; the topology tree list is in the form of a tree-like hierarchical list, and displays the results of the output of each AP state set and the first type of STA state set in the WLAN topology; is the sequence The statistical mean of all elements in; e). In time As a cycle, traverse the second type of STA state set in the hash table, use the second type of STA state set to update the node data in the existing unassociated list, and find and mark the statistical mean value of RSSI The largest STA; the second type of STA state set is and The state set; The unassociated list is in the form of a single-layer list, and displays the results of the output of each second class STA state set; f). Determine the MAC address of the specific target user, when step d) and in the topological tree list Step e) marked in the unassociated list When the largest STA nodes remain stable, compare the RSSI statistical mean values of the STAs in the two steps, and the one with the larger The MAC address corresponding to the STA node is the MAC address of the specific target user.
AP为Access Point;STA为Station,这里专指用户终端设备;RSSI为Received Signal Strength Indicator,是对所接收WLAN无线信号的一种能量测度指标,所测得的关于某STA的RSSI,将随测量点与该STA之间距离的增大而减小;在步骤a)中,选取与特定目标STA相距较近、与其他用户相距较远的位置来捕获无线帧,故具有最大RSSI统计均值的STA所对应的MAC地址,即为特定目标用户的MAC地址。步骤b)中,将每个STA/AP状态集作为一条记录,以作为该记录的关键字,构建关于接收范围内各STA/AP状态集的哈希表,因此可实现由无线帧源MAC地址到所对应状态集在哈希表内的存储位置的直接映射。步骤c)中,AP链表可对AP状态集进行索引,AP状态集内的序列可对其各STA子节点进行索引,因此可在稀疏度较大的哈希表内,为所出现的STA/AP状态集构建快速有效的索引。步骤d)和步骤e)对两类STA状态集采用不同的方法,分别周期性地统计与更新具有最大RSSI统计均值的STA状态集。步骤f)可将具有全局最大RSSI统计均值的STA判定为特定目标用户,从而获取其MAC地址。AP is Access Point; STA is Station, which specifically refers to user terminal equipment; RSSI is Received Signal Strength Indicator, which is an energy measurement index for received WLAN wireless signals. The measured RSSI of a certain STA will be measured with The distance between the point and the STA increases and decreases; in step a), select a position that is closer to the specific target STA and farther away from other users to capture wireless frames, so the STA with the largest RSSI statistical mean The corresponding MAC address is the MAC address of the specific target user. In step b), each STA/AP state set as a record with As the key of this record, a hash table about each STA/AP state set in the receiving range is constructed, so the direct mapping from the wireless frame source MAC address to the storage location of the corresponding state set in the hash table can be realized. In step c), the AP linked list can index the AP state set, and the AP state set The sequence can index each of its STA child nodes, so it can construct a fast and effective index for the STA/AP state set that appears in the hash table with a large sparsity. Step d) and step e) adopt different methods for the two types of STA state sets, and respectively periodically count and update the STA state set with the largest RSSI statistical mean value. Step f) can determine the STA with the global maximum RSSI statistical mean value as a specific target user, so as to obtain its MAC address.
本发明的针对无线局域网特定目标用户的MAC地址捕获方法,设置标志,若,表示从首个可用信道开始依次对所有信道进行扫描,若,表示对特定信道进行扫描;其特征在于,步骤a)所述数据获取包括以下步骤:a-1).判断信道扫描策略,判断的值,若,将待扫描信道设置为全部可用信道中的首个信道;若,则将待扫描信道设置为输入值所对应的信道;a-2).将工作模式设置为射频监听模式;该模式下可对当前扫描信道内各STA/AP传输的所有无线帧进行捕获;a-3).捕获无线帧并进行校验,捕获一个无线帧并进行CRC校验,如果经CRC校验不正确,则将该帧丢弃并重新捕获一个无线帧;如果CRC校验正确,则将该帧暂存至缓冲区,执行步骤a-4);a-4).捕获时间阈值的判断,判断捕获无线帧的时间是否达到捕获时间阈值,如果达到,则执行步骤a-6);若未达到,则执行步骤a-5);a-5).捕获数据量阈值的判断,判断捕获无线帧的数据量是否达到捕获数据量阈值,如果达到,则执行步骤a-6);若未达到,则执行步骤a-3);a-6).提交数据,对暂存在缓冲区内的无线帧数据进行批量提交,执行步骤a-7);a-7).判断,判断的值,如果,则监听下一个可用信道;若,则重新对当前信道进行监听;执行步骤a-3)。The present invention is aimed at the MAC address acquisition method of the specific target user of the wireless local area network, and the flag is set ,like , which means to scan all channels sequentially starting from the first available channel, if , indicating that a specific channel is scanned; it is characterized in that the data acquisition in step a) includes the following steps: a-1). Judging the channel scanning strategy, judging value, if , set the channel to be scanned as the first channel among all available channels; if , then set the channel to be scanned to the input value The corresponding channel; a-2). Set the working mode to RF monitoring mode; in this mode, all wireless frames transmitted by each STA/AP in the current scanning channel can be captured; a-3). Capture wireless frames and perform Check, capture a wireless frame and perform CRC check, if the CRC check is incorrect, discard the frame and recapture a wireless frame; if the CRC check is correct, temporarily store the frame to the buffer, execute Step a-4); a-4). Judging the capture time threshold, judging whether the time to capture the wireless frame reaches the capture time threshold , if reaching , then execute step a-6); if not reached , then execute step a-5); a-5). Judgment of the captured data volume threshold, judging whether the data volume of the captured wireless frame reaches the captured data volume threshold , if reaching , then execute step a-6); if not reached , execute steps a-3); a-6). Submit data, submit batches of wireless frame data temporarily stored in the buffer, and execute steps a-7); a-7). Judgment ,judge value, if , then monitor the next available channel; if , then monitor the current channel again; execute step a-3).
本发明的针对无线局域网特定目标用户的MAC地址捕获方法,步骤b)所述基于哈希表构建状态集和更新RSSI序列包括以下步骤:b-1).读取无线帧并判断其类型;从步骤a)所提交的批量数据中读取一个无线帧,并判断其是否为控制帧中的CTS或ACK子帧,如果为CTS或ACK子帧,则重新执行步骤b-1);如果既不是CTS子帧也不是ACK子帧,则获取该帧的源MAC地址和强度信号;这里CTS为Clear To Send的缩写,为清除待发子帧,ACK为Acknowledge的缩写,为确认子帧,这两种子帧内均不含源端的MAC地址;b-2).以的后两字节计算源MAC对应的哈希地址,并判断该哈希地址处的记录是否为空,如果为空则执行步骤b-3);如果不为空,则执行步骤b-4);b-3).在哈希地址处新建状态集,并对状态集进行初始化,将作为对应的状态集,执行步骤b-7);The present invention is aimed at the MAC address acquisition method of the specific target user of wireless local area network, and step b) described based on hash table builds state collection and updates RSSI sequence and comprises the following steps: b-1). Read wireless frame and judge its type; From Step a) Read a wireless frame from the batch data submitted, and judge whether it is a CTS or ACK subframe in the control frame, if it is a CTS or ACK subframe, then re-execute step b-1); if neither If the CTS subframe is not an ACK subframe, then obtain the source MAC address of the frame and strength signal ; Here CTS is the abbreviation of Clear To Send, for clearing the subframe to be sent, and ACK is the abbreviation of Acknowledge, for confirming the subframe, the MAC address of the source end is not included in these two subframes; b-2). The hash address corresponding to the source MAC is calculated by the last two bytes , and judge whether the record at the hash address is empty, if it is empty, execute step b-3); if not empty, execute step b-4); b-3). At the hash address new state set , and for the state set to initialize, the as For the corresponding state set, perform step b-7);
由映射到哈希地址的哈希函数可表示为:Depend on A hash function mapped to a hash address can be expressed as:
对于MAC地址后两字节相同而造成哈希表冲突的所有状态集,都存储在同一线性链表中;b-4).判断是否存在哈希表冲突,将哈希地址处的状态集记作,判断是否成立,如果成立,则将记作,作为对应的状态集,执行步骤b-7);如果不成立,则执行步骤b-5);b-5).遍历冲突链表,以处的状态集为链表头结点,遍历读取链表节点内的状态集,查找是否存在的状态集,如有满足条件的状态集存在,则将记作,作为对应的状态集,执行步骤b-7);如果遍历完冲突链表,均没有满足条件的状态集存在,则执行步骤b-6);b-6).新建状态集,新建状态集并将其添加至现有冲突链表的末端,并对状态集进行初始化,将作为对应的状态集,执行步骤b-7);b-7).判断存储信号强度的序列是否已满,以表示状态集中序列当前实际存储数据的长度,为其最大长度,为偶数;判断是否成立,如果成立,则将该帧的值插入序列的末端,即存入之中;如果不成立,表明已达序列最大长度,则执行步骤b-8);b-8).释放序列的部分空间并存储,以表示原序列,表示更新后的序列;将前半段数据的均值作为的值,将的后半段数据平移至,并将该帧的插入之中。All state sets that cause hash table conflicts due to the same last two bytes of the MAC address are stored in the same linear linked list; b-4). To determine whether there is a hash table conflict, the hash address The state set at ,judge Whether it is established, and if it is established, it will be Referred to as , as For the corresponding state set, execute step b-7); if not established, execute step b-5); b-5). Traverse the conflict list to The state set at is the head node of the linked list, traverse and read the state set in the linked list node , to find out whether there is The state set of , if there is a state set that satisfies the condition, then the Referred to as , as For the corresponding state set, execute step b-7); if there is no state set that satisfies the condition after traversing the conflict list, then execute step b-6); b-6). Create a new state set, create a new state set and add it to the end of the existing conflict list, and to the state set to initialize, the as For the corresponding state set, perform step b-7); b-7). Determine whether the sequence for storing signal strength is full, and use Represents a state set middle The length of the actual data currently stored in the sequence, is its maximum length, is an even number; judgment is true, if true, the frame's value insertion sequence at the end of the among; if not established, indicate Maximum sequence length reached , then perform step b-8); b-8). Release part of the space of the sequence and store ,by represents the original sequence, Indicates the updated sequence; the The mean of the first half of the data is taken as value, will The second half of the data is shifted to , and the frame's insert among.
本发明的针对无线局域网特定目标用户的MAC地址捕获方法,设所捕获无线帧的目的MAC地址为,为目的MAC地址所对应的状态集;源MAC地址为,为源MAC地址所对应的状态集;步骤c)所述更新WLAN的拓扑结构包括以下步骤:c-1).判断无线帧的类型,对于步骤b-1)所读取的无线帧,若为管理帧则执行步骤c-2),若为控制帧则执行步骤c-3),若为数据帧则执行步骤c-4);c-2).判断管理帧的子类型,若为探测请求则执行步骤c-2-1),若为信标则执行步骤c-2-2),若为探测响应则执行步骤c-2-3),若为关联响应或重新关联响应则执行步骤c-2-4),若为关联请求或重新关联请求则执行步骤c-2-5);c-2-1).判断是否成立,如果成立,则令,返回步骤b-1);如果不成立,返回步骤b-1);c-2-2).判断是否成立,如果成立,返回步骤b-1);如果不成立,则执行步骤c-2-2-1);c-2-2-1).判断是否成立,如果成立,设置,并将的存储地址插入AP链表的末端,执行步骤c-2-2-2);如果不成立,则执行步骤c-2-2-2);c-2-2-2).根据帧体内容获取和的值,并设置,返回步骤b-1);c-2-3).判断是否成立,如果成立,执行步骤c-2-3-3);如果不成立,则执行步骤c-2-3-1);c-2-3-1).判断是否成立,如果不成立,则执行步骤c-2-3-2);如果成立,则先设置,并将的存储地址插入AP链表的末端,再执行步骤c-2-3-2);c-2-3-2).根据帧体内容获取和的值,并设置,执行步骤c-2-3-3);c-2-3-3).基于哈希表查找目的MAC地址所对应的状态集,并判断状态集中的是否成立,如果成立,则设置,返回步骤b-1);如果不成立,返回步骤b-1);c-2-4).判断是否成立,如果不成立,则执行步骤c-2-4-1);如果成立,则设置,并将的存储地址插入AP链表的末端,再执行步骤c-2-4-1);c-2-4-1).基于哈希表查找目的MAC地址所对应的状态集,并判断状态集中的是否成立,如果成立,则设置,返回步骤b-1);如果不成立,返回步骤b-1);c-2-5).判断是否成立,如果不成立,则执行步骤c-2-5-1);如果成立,则先设置,再执行步骤c-2-5-1);c-2-5-1).基于哈希表查找目的MAC地址所对应的状态集,并判断是否成立,如果成立,则返回步骤b-1);如果不成立,则执行步骤c-2-5-2);c-2-5-2).判断是否成立,如果不成立,则执行步骤c-2-5-3);如果成立,则设置,并将的存储地址插入AP链表的末端,再执行步骤c-2-5-3);c-2-5-3).判断的内容是否为空,如果不为空,直接返回步骤b-1);如果为空,则根据帧体内容,获取的值,再返回步骤b-1);c-3).判断控制帧的子类型,若为节能轮询,则基于哈希表查找目的MAC地址所对应的状态集,执行步骤c-3-1);若为其它子类型,则返回步骤b-1);c-3-1).判断是否成立,如果成立,则执行步骤c-3-4);如果不成立,则执行步骤c-3-2);c-3-2).判断是否成立,如果不成立,则执行步骤c-3-3);如果成立,先设置,再执行步骤c-3-3);c-3-3).将的存储地址插入其父节点内序列的末端,且序列的长度增加1;并设置,执行步骤c-3-4);c-3-4).判断是否成立,如果不成立,返回步骤b-1);如果成立,则设置,并将的存储地址插入AP链表的末端,返回步骤b-1);c-4).基于哈希表,查找目的MAC地址对应的状态集;判断数据帧的传输方向,若为上行帧则执行步骤c-4-1);若其为下行帧则执行步骤c-4-2);c-4-1).判断是否成立,如果成立,则执行步骤c-4-1-3);如果不成立,则执行步骤c-4-1-1);c-4-1-1).判断是否成立,如果不成立,则执行步骤c-4-1-2);如果成立,则先设置,再执行步骤c-4-1-2);c-4-1-2).将的存储地址插入其父节点内序列的末端,且序列的长度增加1;设置,执行步骤c-4-1-3);c-4-1-3).判断是否成立,如果不成立,则返回步骤b-1);如果成立,则设置,并将的存储地址插入AP链表的末端,返回步骤b-1);c-4-2).判断是否成立,如果不成立,则执行步骤c-4-2-1);如果成立,则设置,并将的存储地址插入AP链表的末端,执行步骤c-4-2-1);c-4-2-1).判断是否成立,如果成立,则返回步骤b-1);如果不成立,则执行步骤c-4-2-2);c-4-2-2).判断是否成立,如果不成立,则执行步骤c-4-2-3);如果成立,则先设置,再执行步骤c-4-2-3);c-4-2-3).将的存储地址插入其父节点内序列的末端,且序列的长度增加1;设置,返回步骤b-1)。The present invention is directed at the MAC address acquisition method of wireless local area network specific target user, suppose the purpose MAC address of captured wireless frame is
本发明的针对无线局域网特定目标用户的MAC地址捕获方法,设为AP链表内节点的标号,为AP链表内第个节点所索引的AP状态集,为序列内元素的标号,为序列内第个元素所索引的STA状态集,为信号强度RSSI的最大统计均值;拓扑树列表内,各AP状态集位于父节点列表层,各第一类STA状态集位于对应AP下的子节点列表层,AP节点显示的数据项为MAC地址、信道号、SSID、RSSI统计均值和捕获无线帧的总数,STA节点显示的数据项为MAC地址、RSSI统计均值和捕获无线帧的总数;步骤d)所述利用WLAN拓扑结构内的状态集对拓扑树列表进行周期性更新的处理,包括以下步骤:d-1).获取现有拓扑树列表内的AP节点总数;d-2).初始值设定,将AP链表的读取位置设置为链表头结点,设置AP节点标号的初始值为“0”,RSSI的最大统计均值的初始值为-90,执行步骤d-3);d-3).判断遍历是否完成,判断AP链表是否遍历完成,如果完成,则执行步骤d-16);如果没有遍历完成,则执行步骤d-4);d-4).在AP链表的当前处理位置读取一个节点,并设置;获取AP状态集的MAC地址、信道号、SSID和捕获无线帧的总数,并基于奇异点滤除和均值处理方法计算其RSSI的统计均值,执行步骤d-5);d-5).比较标号与AP节点总数,判断是否成立,如果成立,执行步骤d-6);如果不成立,则执行步骤d-7);d-6).比较AP状态集与拓扑树列表内第个AP节点的对应数据项,对于不一致的数据项进行更新;并获取拓扑树列表第个AP节点的子节点总数,执行步骤d-8);d-7).利用构建新节点,加入现有拓扑树列表内AP列表的末端,执行步骤d-8);d-8).初始化,将序列的元素标号设置为“1”,执行步骤d-9);d-9).判断序列中的所有元素是否读取完毕,如果读取完毕,则执行步骤d-3);如果没有读取完毕,则执行步骤d-10);d-10).读取序列的第个元素,获取STA状态集的MAC地址和捕获无线帧的总数,并基于奇异点滤除和均值处理方法计算其RSSI的统计均值,执行步骤d-11);d-11).信号强度比较,比较与的大小,如果,则执行步骤d-12);如果,则以和记录和的值,并设置,执行步骤d-12);d-12).判断是否成立,如果成立,执行步骤d-13);如果不成立,则执行步骤d-14);d-13).判断是否成立,如果成立,则比较与拓扑树列表第个AP节点的第个子节点的对应数据项,并对不一致的数据项进行更新,执行步骤d-15);如果不成立,则执行步骤d-14);d-14).利用构建新节点,加入拓扑树列表第个AP节点的子节点列表的末端,执行步骤d-15);d-15).设置,跳转执行步骤d-9);d-16).拓扑树列表内第个AP节点下的第个STA节点,即为本周期内具有最大RSSI统计均值的第一类STA状态集,对其进行标记。The MAC address capture method for the specific target user of the wireless local area network of the present invention, set
本发明的针对无线局域网特定目标用户的MAC地址捕获方法,设为在哈希表内所查找到的第二类STA状态集的标号,为信号强度RSSI的最大统计均值;未关联列表内,各STA节点显示的数据项为MAC地址、RSSI统计均值和捕获无线帧的总数;步骤e)所述利用哈希表内的第二类STA状态集对未关联列表进行周期性更新的处理,包括以下步骤:e-1).获取现有未关联列表内的STA节点总数;将读取位置设为哈希表的起始位置;标号,最大RSSI统计均值;e-2).判断包含冲突链表在内的哈希表是否遍历完成,如果完成,则执行步骤e-7);如果没有遍历完成,则执行步骤e-3);e-3).在哈希表的当前处理位置读取一个状态集,判断该状态集是否满足且的条件,如果不满足,则其不属于第二类STA状态集,跳转执行步骤e-2);如果满足,则执行步骤e-4);e-4).设置;获取STA状态集的MAC地址和捕获无线帧的总数,并基于奇异点滤除和均值处理方法计算其RSSI的统计均值,执行步骤e-5);e-5).信号强度比较,比较与的大小,如果,则执行步骤e-6);如果,则以记录的值,并设置,执行步骤e-6);e-6).判断是否成立,如果成立,则比较与未关联列表第个STA节点的对应数据项,并对不一致的数据项进行更新,执行步骤e-2);如果不成立,则利用构建新节点,加入现有未关联列表的末端,执行步骤e-2);e-7).判断是否成立,如果不成立,则执行步骤e-8);如果成立,删除现有未关联列表末端的个STA节点,执行步骤e-8);哈希表遍历完成后,这里记录了所查找到的第二类STA状态集的总数;e-8).未关联列表的第个STA节点,即为本周期内具有最大RSSI统计均值的第二类STA状态集,对其进行标记。The MAC address capture method for the specific target user of the wireless local area network of the present invention, set is the label of the second type of STA state set found in the hash table, is the maximum statistical mean value of signal strength RSSI; in the unassociated list, the data items displayed by each STA node are the MAC address, the statistical mean value of RSSI and the total number of captured wireless frames; step e) uses the second type of STA in the hash table The processing of periodically updating the unassociated list by the state set includes the following steps: e-1). Obtain the total number of STA nodes in the existing unassociated list ;Set the read position to the start of the hash table; label , the maximum RSSI statistical mean ; e-2). Judging whether the hash table including the conflicting linked list has been traversed, if completed, then execute step e-7); if not traversed, then execute step e-3); e-3). The current processing position of the hash table reads a state set , to judge whether the state set satisfies and If the condition is not satisfied, it does not belong to the second type of STA state set, jump to step e-2); if it is satisfied, then execute step e-4); e-4). Set ; Get STA state set MAC address and the total number of captured wireless frames, and calculate the statistical mean value of its RSSI based on singular point filtering and mean value processing methods, and perform steps e-5); e-5). Signal strength comparison, comparison and size, if , then execute step e-6); if , then with Record value, and set , execute step e-6); e-6). Judgment is true, and if so, compare with unassociated list No. corresponding data items of STA nodes, and update the inconsistent data items, and execute step e-2); if not established, use Build a new node, join the end of the existing unassociated list, and execute steps e-2); e-7). Judgment Whether it is established, if not, then execute step e-8); if it is established, delete the end of the existing unassociated list STA nodes, execute step e-8); after hash table traversal is completed, here Recorded the total number of the second type of STA state sets found; e-8). The first unassociated list STA nodes, that is, the The second type of STA state set with the largest RSSI statistical mean value in the period is marked.
本发明的针对无线局域网特定目标用户的MAC地址捕获方法,设为拓扑树列表内所标记的STA节点和未关联列表内所标记的STA节点都保持稳定的时间,当两者中的任一个发生改变时,都重置为0;步骤f)所述对特定目标用户MAC地址进行判定的处理,包括以下步骤:f-1).判断稳定时间是否达到阈值,如果达到,则执行步骤f-2);如果未达到,则随机等待一段时间后再执行步骤f-1);f-2).比较和值的大小,若,则将拓扑树列表内所标记的STA节点确定为特定目标,返回其MAC地址;若,则将未关联列表内所标记的STA节点确定为特定目标,返回其MAC地址。The MAC address acquisition method aimed at the specific target user of wireless local area network of the present invention, set The time for both the marked STA nodes in the topological tree list and the marked STA nodes in the unassociated list to remain stable, when any one of the two changes, All are reset to 0; Step f) The process of judging the MAC address of a specific target user includes the following steps: f-1). Judging the stabilization time Is the threshold reached , if reaching , then execute step f-2); if not reached, then execute step f-1) after a random wait for a period of time; f-2). Compare and value size, if , then determine the STA node marked in the topology tree list as a specific target, and return its MAC address; if , the STA node marked in the unassociated list is determined as a specific target, and its MAC address is returned.
本发明的有益效果是:支持当前的各种WLAN标准(IEEE 802.11 a/b/g/n),可在WLAN中快速捕获特定目标STA的MAC地址,以对WLAN中的非法活动进行有效的检测和取证,并保证取证工作的无痕化。The beneficial effects of the present invention are: support various current WLAN standards (IEEE 802.11 a/b/g/n), can quickly capture the MAC address of a specific target STA in the WLAN, to effectively detect illegal activities in the WLAN And forensics, and ensure the traceless work of forensics.
具有以下四方面的优势:It has the following four advantages:
1、多用户适用性。即该方法可在WLAN中同时存在多个用户的情况下,对特定目标STA与正常用户STA的MAC进行准确分辨,基于对WLAN全局信息的分析处理,惟一捕获特定目标STA的MAC地址。1. Multi-user applicability. That is to say, this method can accurately distinguish the MAC address of a specific target STA from a normal user STA when there are multiple users in the WLAN at the same time, and uniquely capture the MAC address of a specific target STA based on the analysis and processing of WLAN global information.
2、网络连通适用性。即该方法既适用于特定目标STA已连接WLAN的情况,又适用于特定目标STA尚未接入任何WLAN(但其WLAN功能已开启)的情况。前者可获取特定目标STA的MAC地址、所用信道以及所连接AP的完整信息;后者至少可获取特定目标STA自身的MAC地址。2. Applicability of network connectivity. That is, this method is applicable not only to the situation that the specific target STA has connected to the WLAN, but also to the situation that the specific target STA has not connected to any WLAN (but its WLAN function has been turned on). The former can obtain the MAC address of the specific target STA, the channel used and the complete information of the connected AP; the latter can at least obtain the MAC address of the specific target STA itself.
3、无线数据量适用性。即该方法既适用于WLAN处于高负荷、所传输无线数据较多的情况,又适用于WLAN处于低负荷、所传输无线数据较少的情况。前者具备针对大量数据进行快速处理的功能;后者具备基于有限数据进行信息的“尽力”提取的功能。3. Applicability of wireless data volume. That is, the method is applicable not only to the situation where the WLAN is under high load and transmits more wireless data, but also applicable to the situation where the WLAN is under low load and transmits less wireless data. The former has the function of fast processing for a large amount of data; the latter has the function of "best effort" extraction of information based on limited data.
4、取证快速性与无痕性。即该方法可在短时间内(可接受范围为30~60秒)快速完成对特定目标MAC地址的捕获,而无须在WLAN中检测过长时间;另一方面,该方法对硬件配置的要求较低,可在便携式的手持设备实现,以做到取证的无痕化。4. Fast and traceless evidence collection. That is to say, this method can quickly complete the capture of a specific target MAC address in a short period of time (the acceptable range is 30-60 seconds), without the need to detect in the WLAN for a long time; on the other hand, this method requires relatively little hardware configuration. Low cost, it can be implemented on portable handheld devices to achieve traceless evidence collection.
具体实施方式Detailed ways
下面结合附图与实施例对本发明作进一步说明。The present invention will be further described below in conjunction with the accompanying drawings and embodiments.
如图1所示,给出了本发明的MAC地址捕获方法的原理框图,由数据获取和数据处理两部分组成。“数据获取”模块可根据所选取的信道扫描策略,在射频监听工作模式下,捕获各类IEEE 802.11无线帧;经CRC校验后,基于特定的时间阈值策略和数据量阈值策略,将获取的数据提交至数据处理模块。“数据处理”部分包括三个子模块:(1)状态集构建与RSSI序列更新子模块,可基于哈希表实现“MAC地址→状态集存储地址”的直接映射,针对每个无线帧,快速查找或创建其源端所对应的状态集,将其RSSI值快速更新至状态集内的RSSI序列;并可基于链地址方法进行哈希冲突处理。(2)WLAN拓扑结构更新子模块,可基于“AP链表+序列”为所出现的STA/AP状态集构建快速有效的索引结构,并基于状态集完备标志,确定对状态集内与拓扑相关的数据项进行处理的策略,从而根据不同的帧类型和子帧类型,判定状态集类型以及STA/AP之间的关联关系。(3)MAC地址捕获结果的周期性统计、输出与更新子模块,可基于奇异值滤除和均值处理对各状态集的RSSI序列进行统计;可采用树状分层列表输出WLAN拓扑结构内的AP状态集和第一类STA状态集,以为周期更新拓扑树列表的节点数据,并标记具有最大RSSI统计均值的STA;可采用未关联列表输出哈希表内的第二类STA状态集,以为周期更新节点数据,并标记具有最大RSSI统计均值的STA;经若干更新周期,拓扑树列表与未关联列表内的RSSI最大者,即被确定为特定目标用户。As shown in FIG. 1 , the principle block diagram of the MAC address capture method of the present invention is given, which consists of two parts: data acquisition and data processing. The "Data Acquisition" module can capture various IEEE 802.11 wireless frames in the RF monitoring mode according to the selected channel scanning strategy; after CRC check, based on the specific time threshold strategy and data volume threshold strategy, the acquired The data is submitted to the data processing module. The "data processing" part includes three sub-modules: (1) The state set construction and RSSI sequence update sub-module, which can realize the direct mapping of "MAC address → state set storage address" based on the hash table, and quickly search for each wireless frame Or create a state set corresponding to its source, and quickly update its RSSI value to the RSSI sequence in the state set; and handle hash conflicts based on the chain address method. (2) WLAN topology update submodule, which can be based on "AP linked list + Sequence” builds a fast and effective index structure for the emerging STA/AP state set, and determines the strategy for processing topology-related data items in the state set based on the completeness flag of the state set, so that according to different frame types and subframe types , to determine the state set type and the relationship between STA/AP. (3) The periodic statistics, output and update submodule of the MAC address capture results can be based on singular value filtering and mean value processing for the RSSI sequence of each state set Statistics; the tree-like hierarchical list can be used to output the AP state set and the first-class STA state set in the WLAN topology, so as to Periodically update the node data of the topology tree list, and mark the STA with the largest RSSI statistical mean value; the second type of STA state set in the hash table can be output from the unassociated list, to Periodically update the node data, and mark the STA with the largest RSSI statistical average value; after several update cycles, the one with the largest RSSI in the topology tree list and the unassociated list is determined as the specific target user.
本发明的针对无线局域网特定目标用户的MAC地址捕获方法,AP为WLAN中的访问接入点,STA为用户终端设备,RSSI为接收信号强度指标,依次包括以下步骤:The MAC address acquisition method for the specific target user of the wireless local area network of the present invention, the AP is the access point in the WLAN, the STA is the user terminal equipment, and the RSSI is the received signal strength index, comprising the following steps in turn:
a).数据获取,选取与特定目标STA相距较近、与其他用户相距较远的位置,基于信道扫描策略、时间阈值策略和数据量阈值策略,获取WLAN内通过空中链路传输的各类无线帧;a). Data acquisition, select a location that is closer to a specific target STA and farther away from other users, and based on the channel scanning strategy, time threshold strategy, and data volume threshold strategy, obtain various types of wireless data transmitted through the air link in the WLAN frame;
如图2所示,给出了WLAN数据获取方法的流程图,设置标志,若,表示从首个可用信道开始依次对所有信道进行扫描,若,表示对特定信道进行扫描;其可采用以下步骤来实现:As shown in Figure 2, the flow chart of the WLAN data acquisition method is provided, and the flag is set ,like , which means to scan all channels sequentially starting from the first available channel, if , which means to scan a specific channel; it can be realized by the following steps:
a-1).判断信道扫描策略,判断的值,若,将待扫描信道设置为全部可用信道中的首个信道;若,则将待扫描信道设置为输入值所对应的信道;a-1). Judging the channel scanning strategy, judging value, if , set the channel to be scanned as the first channel among all available channels; if , then set the channel to be scanned to the input value the corresponding channel;
a-2).将工作模式设置为射频监听模式;该模式下可对当前扫描信道内各STA/AP传输的所有无线帧进行捕获;a-2). Set the working mode to RF monitoring mode; in this mode, all wireless frames transmitted by each STA/AP in the current scanning channel can be captured;
a-3).捕获无线帧并进行校验,捕获一个无线帧并进行CRC校验,如果经CRC校验不正确,则将该帧丢弃并重新捕获一个无线帧;如果CRC校验正确,则将该帧暂存至缓冲区,执行步骤a-4);a-3). Capture a wireless frame and perform a check, capture a wireless frame and perform a CRC check, if the CRC check is incorrect, discard the frame and recapture a wireless frame; if the CRC check is correct, then Temporarily save the frame to the buffer, and execute steps a-4);
a-4).捕获时间阈值的判断,判断捕获无线帧的时间是否达到捕获时间阈值,如果达到,则执行步骤a-6);若未达到,则执行步骤a-5);a-4). Judgment of the capture time threshold, judging whether the time to capture the wireless frame reaches the capture time threshold , if reaching , then execute step a-6); if not reached , then execute step a-5);
a-5).捕获数据量阈值的判断,判断捕获无线帧的数据量是否达到捕获数据量阈值,如果达到,则执行步骤a-6);若未达到,则执行步骤a-3);a-5). Judgment of the threshold of the captured data volume, judging whether the data volume of the captured wireless frame reaches the captured data volume threshold , if reaching , then execute step a-6); if not reached , then perform step a-3);
a-6).提交数据,对暂存在缓冲区内的无线帧数据进行批量提交,执行步骤a-7);a-6). Submit the data, submit the wireless frame data temporarily stored in the buffer in batches, and execute step a-7);
a-7).判断,判断的值,如果,则监听下一个可用信道;若,则重新对当前信道进行监听;执行步骤a-3)。a-7). Judgment ,judge value, if , then monitor the next available channel; if , then monitor the current channel again; execute step a-3).
b).基于哈希表构建状态集和更新RSSI序列,设集合为一个STA或AP的状态信息的集合,称为“状态集”,记作:b).Construct a state set and update the RSSI sequence based on the hash table, set the set A collection of state information of a STA or AP, called "state set", Referred to as:
其中,为长度为6字节的序列,存储STA/AP的MAC地址,如;由于MAC地址的惟一性,可将作为对该状态集的惟一标识;为最大长度为的序列,存储已捕获的源MAC地址为的各无线帧的RSSI值,各元素为-90至20之间的整数值,度量单位为dBm;表示实体的类型,表示其为AP,表示其为STA,表示其类型尚未确定;:仅当时有效,存储该AP的SSID;SSID为Service Set Identifier的缩写,为服务集标识;:仅当时有效,存储该AP当前使用的无线信道号;:仅当时有效,用于索引该AP的各STA子节点,是最大长度为的序列,各元素分别为各子节点所对应的STA状态集的存储地址;为布尔型数值,取值为0或1,指示内的各状态信息是否完备,当时,用于指示是否已获取该AP的和数据项;当时,用于指示是否已将该STA状态集的存储地址插入其父节点的序列;in, It is a sequence with a length of 6 bytes, storing the MAC address of the STA/AP, such as ; Due to the uniqueness of the MAC address, the as the state set unique identifier of is a maximum length of sequence, storing the captured source MAC address as The RSSI value of each wireless frame of , each element is an integer value between -90 and 20, and the measurement unit is dBm; Indicates the type of entity, Indicates that it is an AP, Indicates that it is STA, Indicates that its type has not been determined; : only if SSID of the AP is stored; SSID is the abbreviation of Service Set Identifier, which is the service set identifier; : only if Valid when the AP is currently used to store the wireless channel number; : only if It is valid when it is used to index each STA child node of the AP, and the maximum length is The sequence of , each element is the storage address of the STA state set corresponding to each child node; It is a Boolean value, the value is 0 or 1, indicating Whether the status information in the is complete, when , used to indicate whether the AP has been obtained and data item; when When , it is used to indicate whether the storage address of the STA state set has been inserted into its parent node sequence;
针对步骤a)中捕获到的每个无线帧,基于哈希表内“MAC地址→状态集存储地址”的直接映射,快速查找或构建该帧的源MAC地址所对应的状态集,并将该帧的RSSI值更新至序列;For each wireless frame captured in step a), based on the "MAC address → state set" in the hash table Stored address" direct mapping, quickly find or construct the source MAC address of the frame The corresponding state set , and the RSSI value of the frame update to sequence ;
如图3所示,给出了本发明中基于哈希表的状态集构建与RSSI序列更新方法的流程图,其可采用以下步骤来实现:As shown in Figure 3, the flow chart of state set construction and RSSI sequence update method based on hash table in the present invention is provided, and it can adopt following steps to realize:
b-1).读取无线帧并判断其类型;从步骤a)所提交的批量数据中读取一个无线帧,并判断其是否为控制帧中的CTS或ACK子帧,如果为CTS或ACK子帧,则重新执行步骤b-1);如果既非CTS子帧也非ACK子帧,则获取该帧的源MAC地址和强度信号;这里CTS为Clear To Send的缩写,为清除待发子帧,ACK为Acknowledge的缩写,为确认子帧,这两种子帧内均不含源端的MAC地址;b-1). Read the wireless frame and judge its type; read a wireless frame from the batch data submitted in step a), and judge whether it is a CTS or ACK subframe in the control frame, if it is CTS or ACK subframe, then re-execute step b-1); if it is neither a CTS subframe nor an ACK subframe, then obtain the source MAC address of the frame and strength signal ; Here CTS is an abbreviation of Clear To Send, which is to clear subframes to be sent, and ACK is an abbreviation of Acknowledge, which is to confirm subframes, and these two subframes do not contain the MAC address of the source end;
b-2).以的后两字节计算源MAC对应的哈希地址,并判断该哈希地址处的记录是否为空,如果为空则执行步骤b-3);如果不为空,则执行步骤b-4);b-2). With The hash address corresponding to the source MAC is calculated by the last two bytes , and judge whether the record at the hash address is empty, if it is empty, execute step b-3); if not empty, execute step b-4);
b-3).在哈希地址处新建状态集,并对状态集进行初始化,将作为对应的状态集,执行步骤b-7);b-3). At the hash address new state set , and for the state set to initialize, the as For the corresponding state set, perform step b-7);
由映射到哈希地址的哈希函数可表示为:Depend on A hash function mapped to a hash address can be expressed as:
对于MAC地址后两字节相同而造成哈希表冲突的所有状态集,都存储在同一线性链表中;All state sets that cause hash table conflicts due to the same last two bytes of the MAC address are stored in the same linear linked list;
b-4).判断是否存在哈希表冲突,将哈希地址处的状态集记作,判断是否成立,如果成立,则将记作,作为对应的状态集,执行步骤b-7);如果不成立,则执行步骤b-5);b-4). To determine whether there is a hash table conflict, the hash address The state set at ,judge Whether it is established, and if it is established, then the Referred to as , as For the corresponding state set, execute step b-7); if not established, execute step b-5);
b-5).遍历冲突链表,以处的状态集为链表头结点,遍历读取链表节点内的状态集,查找是否存在的状态集,如有满足条件的状态集存在,则将记作,作为对应的状态集,执行步骤b-7);如果遍历完冲突链表,均没有满足条件的状态集存在,则执行步骤b-6);b-5). Traverse the conflict list to The state set at is the head node of the linked list, traverse and read the state set in the linked list node , to find out whether there is The state set of , if there is a state set that satisfies the condition, then the Referred to as , as For the corresponding state set, execute step b-7); if there is no state set satisfying the condition after traversing the conflict linked list, then execute step b-6);
b-6).新建状态集,新建状态集并将其添加至现有冲突链表的末端,并对状态集进行初始化,将作为对应的状态集,执行步骤b-7);b-6). New state set, new state set and add it to the end of the existing conflict list, and to the state set to initialize, the as For the corresponding state set, perform step b-7);
b-7).判断存储信号强度的序列是否已满,以表示状态集中序列当前实际存储数据的长度,为其最大长度,为偶数;判断是否成立,如果成立,则将该帧的值插入序列的末端,即存入之中;如果不成立,表明已达序列最大长度,则执行步骤b-8);b-7). Judging whether the sequence of storing signal strength is full, to Represents a state set middle The length of the data currently stored in the sequence, is its maximum length, is an even number; judgment Whether it is true, if it is true, the frame's value insertion sequence at the end of the among; if not established, indicate Maximum sequence length reached , then perform step b-8);
b-8).释放序列的部分空间并存储,以表示原序列,表示更新后的序列;将前半段数据的均值作为的值,将的后半段数据平移至,并将该帧的插入之中,即b-8). Release part of the sequence space and store ,by represents the original sequence, Indicates the updated sequence; the The mean of the first half of the data is taken as value, will The second half of the data is shifted to , and the frame's insert among, namely
c).更新WLAN的拓扑结构:根据状态集完备标志,确定是否处理状态集内与拓扑相关的数据项,,和,根据帧类型和子帧类型,判定状态集类型以及STA/AP之间的关联关系,构建并更新基于“AP链表+序列”的WLAN拓扑结构;AP链表是一个线性链表,可对哈希表内的AP状态集进行索引,AP链表内各节点的结构为:c). Updating the topology structure of the WLAN: according to the complete flag of the state set , to determine whether to process topology-related data items in the state set , , and , according to the frame type and subframe type, determine the state set type and the association relationship between STA/AP, build and update based on the "AP linked list + sequence" WLAN topology; the AP linked list is a linear linked list that can index the AP state set in the hash table. The structure of each node in the AP linked list is:
如图4、图5和图6所示,分别给出了本发明中基于管理帧、控制帧和数据帧的WLAN拓扑结构更新方法的流程图;As shown in Fig. 4, Fig. 5 and Fig. 6, respectively provide the flowchart of the WLAN topology update method based on management frame, control frame and data frame among the present invention;
设所捕获无线帧的目的MAC地址为,为目的MAC地址所对应的状态集;源MAC地址为,为源MAC地址所对应的状态集;步骤c)所述更新WLAN的拓扑结构,可采用以下步骤来实现:Let the destination MAC address of the captured wireless frame be , destination MAC address The corresponding state set; the source MAC address is , is the source MAC address Corresponding state set; step c) described update the topology structure of WLAN, can adopt the following steps to realize:
c-1).判断无线帧的类型,对于步骤b-1)所读取的无线帧,若为管理帧则执行步骤c-2),若为控制帧则执行步骤c-3),若为数据帧则执行步骤c-4);c-1). Determine the type of wireless frame. For the wireless frame read in step b-1), if it is a management frame, then perform step c-2), if it is a control frame, then perform step c-3), if it is The data frame then executes step c-4);
c-2).判断管理帧的子类型,若为探测请求则执行步骤c-2-1),若为信标则执行步骤c-2-2),若为探测响应则执行步骤c-2-3),若为关联响应或重新关联响应则执行步骤c-2-4),若为关联请求或重新关联请求则执行步骤c-2-5);c-2). Determine the subtype of the management frame. If it is a probe request, execute step c-2-1). If it is a beacon, execute step c-2-2). If it is a probe response, execute step c-2. -3), if it is an association response or a re-association response, execute step c-2-4), if it is an association request or a re-association request, execute step c-2-5);
c-2-1).判断是否成立,如果成立,则令,返回步骤b-1);如果不成立,返回步骤b-1); c-2-1). Judgment Whether it is established, and if it is established, then let , return to step b-1); if not established, return to step b-1);
c-2-2).判断是否成立,如果成立,返回步骤b-1);如果不成立,则执行步骤c-2-2-1);c-2-2). Judgment Whether it is established, if established, return to step b-1); if not established, then perform step c-2-2-1);
c-2-2-1).判断是否成立,如果成立,设置,并将的存储地址插入AP链表的末端,执行步骤c-2-2-2);如果不成立,则执行步骤c-2-2-2);c-2-2-1). Judgment is true, and if so, set , and will Insert the storage address into the end of the AP linked list, execute step c-2-2-2); if not established, then execute step c-2-2-2);
c-2-2-2).根据帧体内容获取和的值,并设置,返回步骤b-1);c-2-2-2). According to the content of the frame body and value, and set , return to step b-1);
c-2-3).判断是否成立,如果成立,执行步骤c-2-3-3);如果不成立,则执行步骤c-2-3-1);c-2-3). Judgment Whether it is established, if established, execute step c-2-3-3); if not established, execute step c-2-3-1);
c-2-3-1).判断是否成立,如果不成立,则执行步骤c-2-3-2);如果成立,则先设置,并将的存储地址插入AP链表的末端,再执行步骤c-2-3-2);c-2-3-1). Judgment Whether it is true, if not, then execute step c-2-3-2); if true, set it first , and will Insert the storage address into the end of the AP linked list, and then perform step c-2-3-2);
c-2-3-2).根据帧体内容获取和的值,并设置,执行步骤c-2-3-3);c-2-3-2). According to the content of the frame body and value, and set , execute step c-2-3-3);
c-2-3-3).基于哈希表查找目的MAC地址所对应的状态集,并判断状态集中的是否成立,如果成立,则设置,返回步骤b-1);如果不成立,返回步骤b-1);c-2-3-3). Find the destination MAC address based on the hash table The corresponding state set , and judge the state set middle is true, and if so, set , return to step b-1); if not established, return to step b-1);
c-2-4).判断是否成立,如果不成立,则执行步骤c-2-4-1);如果成立,则设置,并将的存储地址插入AP链表的末端,再执行步骤c-2-4-1);c-2-4). Judgment Whether it is true, if not, then execute step c-2-4-1); if true, set , and will Insert the storage address into the end of the AP linked list, and then perform step c-2-4-1);
c-2-4-1).基于哈希表查找目的MAC地址所对应的状态集,并判断状态集中的是否成立,如果成立,则设置,返回步骤b-1);如果不成立,返回步骤b-1);c-2-4-1). Find the destination MAC address based on the hash table The corresponding state set , and judge the state set middle is true, and if so, set , return to step b-1); if not established, return to step b-1);
c-2-5).判断是否成立,如果不成立,则执行步骤c-2-5-1);如果成立,则先设置,再执行步骤c-2-5-1);c-2-5). Judgment Whether it is true, if not, then execute step c-2-5-1); if true, set it first , and then perform step c-2-5-1);
c-2-5-1).基于哈希表查找目的MAC地址所对应的状态集,并判断是否成立,如果成立,则返回步骤b-1);如果不成立,则执行步骤c-2-5-2);c-2-5-1). Find the destination MAC address based on the hash table The corresponding state set , and judge Whether it is true, if true, return to step b-1); if not true, then perform step c-2-5-2);
c-2-5-2).判断是否成立,如果不成立,则执行步骤c-2-5-3);如果成立,则设置,并将的存储地址插入AP链表的末端,再执行步骤c-2-5-3);c-2-5-2). Judgment Whether it is true, if not, then execute step c-2-5-3); if true, set , and will Insert the storage address into the end of the AP linked list, and then perform step c-2-5-3);
c-2-5-3).判断的内容是否为空,如果不为空,直接返回步骤b-1);如果为空,则根据帧体内容,获取的值,再返回步骤b-1);c-2-5-3). Judgment Whether the content of the frame is empty, if not, directly return to step b-1); if it is empty, according to the content of the frame body, get value, and then return to step b-1);
c-3).判断控制帧的子类型,若为节能轮询,则基于哈希表查找目的MAC地址所对应的状态集,执行步骤c-3-1);若为其它子类型,则返回步骤b-1);c-3). Determine the subtype of the control frame. If it is energy-saving polling, look up the destination MAC address based on the hash table The corresponding state set , execute step c-3-1); if it is another subtype, return to step b-1);
c-3-1).判断是否成立,如果成立,则执行步骤c-3-4);如果不成立,则执行步骤c-3-2);c-3-1). Judgment Whether it is established, if established, then execute step c-3-4); if not established, execute step c-3-2);
c-3-2).判断是否成立,如果不成立,则执行步骤c-3-3);如果成立,先设置,再执行步骤c-3-3);c-3-2). Judgment Whether it is true, if not, then execute step c-3-3); if true, first set , and then perform step c-3-3);
c-3-3).将的存储地址插入其父节点内序列的末端,且序列的长度增加1;并设置,执行步骤c-3-4);c-3-3). Will The storage address of is inserted into its parent node Inside the end of the sequence, and the sequence length increment by 1; and set , execute step c-3-4);
c-3-4).判断是否成立,如果不成立,返回步骤b-1);如果成立,则设置,并将的存储地址插入AP链表的末端,返回步骤b-1);c-3-4). Judgment Whether it is true, if not, return to step b-1); if true, set , and will The storage address of is inserted into the end of the AP linked list, and returns to step b-1);
c-4).基于哈希表,查找目的MAC地址对应的状态集;判断数据帧的传输方向,若为上行帧则执行步骤c-4-1);若其为下行帧则执行步骤c-4-2);c-4). Find the destination MAC address based on the hash table corresponding state set ; Judging the transmission direction of the data frame, if it is an uplink frame, then perform step c-4-1); if it is a downlink frame, then perform step c-4-2);
c-4-1).判断是否成立,如果成立,则执行步骤c-4-1-3);如果不成立,则执行步骤c-4-1-1);c-4-1). Judgment Whether it is established, if established, execute step c-4-1-3); if not established, execute step c-4-1-1);
c-4-1-1).判断是否成立,如果不成立,则执行步骤c-4-1-2);如果成立,则先设置,再执行步骤c-4-1-2);c-4-1-1). Judgment Whether it is true, if not, then execute step c-4-1-2); if true, set it first , and then perform step c-4-1-2);
c-4-1-2).将的存储地址插入其父节点内序列的末端,且序列的长度增加1;设置,执行步骤c-4-1-3);c-4-1-2). Will The storage address of is inserted into its parent node Inside the end of the sequence, and the sequence length increment by 1; set , execute step c-4-1-3);
c-4-1-3).判断是否成立,如果不成立,则返回步骤b-1);如果成立,则设置,并将的存储地址插入AP链表的末端,返回步骤b-1);c-4-1-3). Judgment Whether it is true, if not, return to step b-1); if true, set , and will The storage address of is inserted into the end of the AP linked list, and returns to step b-1);
c-4-2).判断是否成立,如果不成立,则执行步骤c-4-2-1);如果成立,则设置,并将的存储地址插入AP链表的末端,执行步骤c-4-2-1);c-4-2). Judgment Whether it is true, if not, then execute step c-4-2-1); if true, set , and will Insert the storage address into the end of the AP linked list, perform step c-4-2-1);
c-4-2-1).判断是否成立,如果成立,则返回步骤b-1);如果不成立,则执行步骤c-4-2-2);c-4-2-1). Judgment Whether it is true, if true, return to step b-1); if not true, then perform step c-4-2-2);
c-4-2-2).判断是否成立,如果不成立,则执行步骤c-4-2-3);如果成立,则先设置,再执行步骤c-4-2-3);c-4-2-2). Judgment Whether it is true, if not, then execute step c-4-2-3); if true, set it first , and then perform step c-4-2-3);
c-4-2-3).将的存储地址插入其父节点内序列的末端,且序列的长度增加1;设置,返回步骤b-1)。c-4-2-3). Will The storage address of is inserted into its parent node Inside the end of the sequence, and the sequence length increment by 1; set , return to step b-1).
d).以时间为周期,对WLAN拓扑结构进行遍历,利用WLAN拓扑结构内的AP状态集和第一类STA状态集,更新现有拓扑树列表内的节点数据,并查找、标记RSSI统计均值最大的STA;第一类STA状态集是且的状态集;拓扑树列表是采用树状分层列表的形式,对WLAN拓扑结构内的各AP状态集和第一类STA状态集的输出显示结果;是对序列内所有元素的统计均值;d). by time As a cycle, traverse the WLAN topology structure, use the AP state set and the first-class STA state set in the WLAN topology structure, update the node data in the existing topology tree list, and find and mark the statistical mean value of RSSI The largest STA; the first type of STA state set is and The state set; the topology tree list is in the form of a tree-like hierarchical list, and displays the results of the output of each AP state set and the first type of STA state set in the WLAN topology; is the sequence The statistical mean of all elements in ;
如图7所示,给出了利用WLAN拓扑结构内的状态集对拓扑树列表进行周期性更新方法的流程图;As shown in Figure 7, a flow chart of a method for periodically updating the topology tree list using the state set in the WLAN topology structure is provided;
设为AP链表内节点的标号,为AP链表内第个节点所索引的AP状态集,为序列内元素的标号,为序列内第个元素所索引的STA状态集,为信号强度RSSI的最大统计均值;拓扑树列表内,各AP状态集位于父节点列表层,各第一类STA状态集位于对应AP下的子节点列表层,AP节点显示的数据项为MAC地址、信道号、SSID、RSSI统计均值和捕获无线帧的总数,STA节点显示的数据项为MAC地址、RSSI统计均值和捕获无线帧的总数;步骤d)所述利用WLAN拓扑结构内的状态集对拓扑树列表进行周期性更新的处理,可采用以下步骤来实现:set up is the label of the node in the AP linked list, is the first in the AP linked list AP state set indexed by nodes, for the index of the element within the sequence, for sequence number STA state set indexed by elements, is the maximum statistical mean value of the signal strength RSSI; in the topology tree list, each AP state set is located at the parent node list layer, each first-class STA state set is located at the child node list layer under the corresponding AP, and the data item displayed by the AP node is the MAC address , channel number, SSID, RSSI statistical mean value and the total number of captured wireless frames, the data items displayed by the STA node are MAC address, RSSI statistical mean value and the total number of captured wireless frames; step d) using the state set pair in the WLAN topology The process of periodically updating the topology tree list can be realized by the following steps:
d-1). 获取现有拓扑树列表内的AP节点总数;d-1). Obtain the total number of AP nodes in the existing topology tree list ;
d-2).初始值设定,将AP链表的读取位置设置为链表头结点,设置AP节点标号的初始值为“0”, RSSI的最大统计均值的初始值为-90,执行步骤d-3);d-2). Initial value setting, set the reading position of the AP linked list as the head node of the linked list, and set the AP node label The initial value of is "0", the maximum statistical mean of RSSI The initial value of -90, execute step d-3);
d-3).判断遍历是否完成,判断AP链表是否遍历完成,如果完成,则执行步骤d-16);如果没有遍历完成,则执行步骤d-4);d-3). Judging whether the traversal is complete, judging whether the traversal of the AP linked list is complete, if complete, then perform step d-16); if not traversal is complete, then perform step d-4);
d-4).在AP链表的当前处理位置读取一个节点,并设置;获取AP状态集的MAC地址、信道号、SSID和捕获无线帧的总数,并基于奇异点滤除和均值处理方法计算其RSSI的统计均值,执行步骤d-5);d-4). Read a node at the current processing position of the AP linked list, and set ; Get AP state set MAC address, channel number, SSID and the total number of captured wireless frames, and calculate the statistical mean value of its RSSI based on singular point filtering and mean value processing method, perform step d-5);
d-5).比较标号与AP节点总数,判断是否成立,如果成立,执行步骤d-6);如果不成立,则执行步骤d-7);d-5). Compare labels and the total number of AP nodes ,judge Whether it is established, if established, execute step d-6); if not established, execute step d-7);
d-6).比较AP状态集与拓扑树列表内第个AP节点的对应数据项,对于不一致的数据项进行更新;并获取拓扑树列表第个AP节点的子节点总数,执行步骤d-8);d-6). Compare AP state sets and the first in the topological tree list The corresponding data items of AP nodes, update the inconsistent data items; and obtain the topological tree list No. The total number of child nodes of an AP node , execute step d-8);
d-7).利用构建新节点,加入现有拓扑树列表内AP列表的末端,执行步骤d-8);d-7). Use Build a new node, add the end of the AP list in the existing topology tree list, and perform step d-8);
d-8).初始化,将序列的元素标号设置为“1”,执行步骤d-9);d-8).Initialization ,Will sequence element number set to "1", execute step d-9);
d-9).判断序列中的所有元素是否读取完毕,如果读取完毕,则执行步骤d-3);如果没有读取完毕,则执行步骤d-10);d-9). Judgment sequence Whether all the elements in are read completely, if read complete, execute step d-3); if not read complete, execute step d-10);
d-10).读取序列的第个元素,获取STA状态集的MAC地址和捕获无线帧的总数,并基于奇异点滤除和均值处理方法计算其RSSI的统计均值,执行步骤d-11);d-10). Read sequence First elements to get the STA state set MAC address and the total number of captured wireless frames, and calculate the statistical mean of RSSI based on singular point filtering and mean value processing methods , execute step d-11);
d-11).信号强度比较,比较与的大小,如果,则执行步骤d-12);如果,则以和记录和的值,并设置,执行步骤d-12);d-11). Signal strength comparison, comparison and size, if , then execute step d-12); if , then with and Record and value, and set , execute step d-12);
d-12).判断是否成立,如果成立,执行步骤d-13);如果不成立,则执行步骤d-14);d-12). Judgment Whether it is established, if established, execute step d-13); if not established, execute step d-14);
d-13).判断是否成立,如果成立,则比较与拓扑树列表第个AP节点的第个子节点的对应数据项,并对不一致的数据项进行更新,执行步骤d-15);如果不成立,则执行步骤d-14);d-13). Judgment is true, and if so, compare and topological tree list No. The first AP node child nodes, and update the inconsistent data items, execute step d-15); if not established, execute step d-14);
d-14).利用构建新节点,加入拓扑树列表第个AP节点的子节点列表的末端,执行步骤d-15);d-14). Use Build a new node and add it to the topological tree list The end of the child node list of AP node, execute step d-15);
d-15).设置,跳转执行步骤d-9);d-15). Setting , jump to step d-9);
d-16).拓扑树列表内第个AP节点下的第个STA节点,即为本周期内具有最大RSSI统计均值的第一类STA状态集,对其进行标记。d-16). The first in the topological tree list The first AP under the AP node STA nodes, namely The first type of STA state set with the largest RSSI statistical mean value in the period is marked.
e).以时间为周期,对哈希表内的第二类STA状态集进行遍历,利用第二类STA状态集,更新现有未关联列表内的节点数据,并查找、标记RSSI统计均值最大的STA;第二类STA状态集是且的状态集;未关联列表是采用单层列表的形式,对各第二类STA状态集的输出显示结果;e). by time As a cycle, traverse the second type of STA state set in the hash table, use the second type of STA state set to update the node data in the existing unassociated list, and find and mark the statistical mean value of RSSI The largest STA; the second type of STA state set is and The state set; the unassociated list is in the form of a single-layer list, and displays the results of the output of each second type STA state set;
如图8所示,给出了利用哈希表内的第二类STA状态集对未关联列表进行周期性更新方法的流程图;As shown in Figure 8, a flowchart of a method for periodically updating the unassociated list using the second type of STA state set in the hash table is provided;
设为在哈希表内所查找到的第二类STA状态集的标号,为信号强度RSSI的最大统计均值;未关联列表内,各STA节点显示的数据项为MAC地址、RSSI统计均值和捕获无线帧的总数;步骤e)所述利用哈希表内的第二类STA状态集对未关联列表进行周期性更新的处理,可采用以下步骤来实现:set up is the label of the second type of STA state set found in the hash table, is the maximum statistical mean value of signal strength RSSI; in the unassociated list, the data items displayed by each STA node are the MAC address, the statistical mean value of RSSI and the total number of captured wireless frames; step e) uses the second type of STA in the hash table The process of periodically updating the unassociated list by the state set can be realized by the following steps:
e-1). 获取现有未关联列表内的STA节点总数;将读取位置设为哈希表的起始位置;标号,最大RSSI统计均值;e-1). Obtain the total number of STA nodes in the existing unassociated list ;Set the read position as the starting position of the hash table; label , the maximum RSSI statistical mean ;
e-2).判断包含冲突链表在内的哈希表是否遍历完成,如果完成,则执行步骤e-7);如果没有遍历完成,则执行步骤e-3);e-2). Judging whether the hash table including the conflict linked list has been traversed, if completed, then execute step e-7); if not traversed, then execute step e-3);
e-3).在哈希表的当前处理位置读取一个状态集,判断该状态集是否满足且的条件,如果不满足,则其不属于第二类STA状态集,跳转执行步骤e-2);如果满足,则执行步骤e-4);e-3). Read a state set at the current processing position of the hash table , to judge whether the state set satisfies and If the condition is not satisfied, it does not belong to the second type of STA state set, and jumps to step e-2); if it is satisfied, then executes step e-4);
e-4).设置;获取STA状态集的MAC地址和捕获无线帧的总数,并基于奇异点滤除和均值处理方法计算其RSSI的统计均值,执行步骤e-5);e-4). Setting ; Get STA state set MAC address and the total number of captured wireless frames, and calculate the statistical mean value of its RSSI based on singular point filtering and mean value processing method, perform step e-5);
e-5).信号强度比较,比较与的大小,如果,则执行步骤e-6);如果,则以记录的值,并设置,执行步骤e-6);e-5). Signal strength comparison, comparison and size, if , then execute step e-6); if , then with Record value, and set , execute step e-6);
e-6).判断是否成立,如果成立,则比较与未关联列表第个STA节点的对应数据项,并对不一致的数据项进行更新,执行步骤e-2);如果不成立,则利用构建新节点,加入现有未关联列表的末端,执行步骤e-2);e-6). Judgment is true, and if so, compare with unassociated list No. corresponding data items of STA nodes, and update the inconsistent data items, and execute step e-2); if not established, use Build a new node, join the end of the existing unassociated list, execute step e-2);
e-7).判断是否成立,如果不成立,则执行步骤e-8);如果成立,删除现有未关联列表末端的个STA节点,执行步骤e-8);哈希表遍历完成后,这里记录了所查找到的第二类STA状态集的总数;e-7). Judgment Whether it is established, if not, then execute step e-8); if it is established, delete the end of the existing unassociated list STA nodes, execute step e-8); after hash table traversal is completed, here Records the total number of found second-type STA state sets;
e-8).未关联列表的第个STA节点,即为本周期内具有最大RSSI统计均值的第二类STA状态集,对其进行标记。e-8). The first part of the unassociated list STA nodes, that is, the The second type of STA state set with the largest RSSI statistical mean value in the period is marked.
f).判定特定目标用户的MAC地址,当步骤d)所述拓扑树列表内和步骤e)所述未关联列表内所标记的最大的STA节点都保持稳定时,比较两个步骤中STA的RSSI统计均值,两者之中具有较大的STA节点所对应的MAC地址,即为特定目标用户的MAC地址。f). Determine the MAC address of the specific target user, when step d) in the topological tree list and step e) in the unassociated list described in the marked When the largest STA nodes remain stable, compare the statistical mean values of RSSI of the STAs in the two steps, and the one with the larger The MAC address corresponding to the STA node is the MAC address of the specific target user.
设为拓扑树列表内所标记的STA节点和未关联列表内所标记的STA节点都保持稳定的时间,当两者中的任一个发生改变时,都重置为0;步骤f)所述对特定目标用户MAC地址进行判定的处理,可采用以下步骤来实现:set up The time for both the marked STA nodes in the topological tree list and the marked STA nodes in the unassociated list to remain stable, when any one of the two changes, are all reset to 0; the process of determining the MAC address of a specific target user described in step f) can be realized by the following steps:
f-1).判断稳定时间是否达到阈值,如果达到,则执行步骤f-2);如果未达到,则随机等待一段时间后再执行步骤f-1);f-1). Judgment of stabilization time Is the threshold reached , if reaching , then execute step f-2); if not, then execute step f-1) after waiting for a period of time at random;
f-2).比较和值的大小,若,则将拓扑树列表内所标记的STA节点确定为特定目标,返回其MAC地址;若,则将未关联列表内所标记的STA节点确定为特定目标,返回其MAC地址。f-2).Comparison and value size, if , then determine the STA node marked in the topology tree list as a specific target, and return its MAC address; if , the STA node marked in the unassociated list is determined as a specific target, and its MAC address is returned.
其中:in:
对于步骤a),在全部可用信道或指定信道内,有效获取通过空中链路传输的各类无线帧(包括5 GHz频段符合802.11 a标准、2.4 GHz频段802.11 b/g标准和2.4/5 GHz频段802.11n标准的无线管理帧、控制帧和数据帧),是对特定目标STA的MAC地址进行捕获的基础和前提。For step a), effectively acquire all kinds of wireless frames transmitted over the air link (including 802.11 a standard in the 5 GHz frequency band, 802.11 b/g standard in the 2.4 GHz frequency band and 2.4/5 GHz frequency band in all available channels or designated channels 802.11n standard wireless management frame, control frame and data frame) is the basis and premise of capturing the MAC address of a specific target STA.
对于步骤b),将各无线帧的RSSI值快速更新至源MAC地址所对应状态集内的序列,是高效、准确地实现基于RSSI的MAC地址捕获方法的核心问题。For step b), the RSSI value of each wireless frame is quickly updated to the corresponding state set of the source MAC address Sequence is the core problem of efficiently and accurately implementing the RSSI-based MAC address capture method.
优选地,将每个STA/AP状态集作为一条“记录”,以作为该记录的“关键字”,构建关于数据获取模块接收范围内各STA/AP状态集的哈希表,可实现由无线帧的源MAC地址到所对应状态集在哈希表内的存储位置的直接映射。由于MAC地址由6字节(48比特)组成,共存在种可能的取值,因此无法直接将其用作哈希地址;可取其最后两字节(的第5, 6个元素)作为哈希地址,由此所构建哈希表的长度为,例如,对于MAC地址“00-A1-B0-BF-05-14”,可直接确定其所对应的状态集在哈希表内的位置,即。Preferably, each STA/AP state set as a "record" with As the "keyword" of this record, construct a hash table about each STA/AP state set within the receiving range of the data acquisition module, which can realize the storage location in the hash table from the source MAC address of the wireless frame to the corresponding state set direct mapping. Since the MAC address consists of 6 bytes (48 bits), there are possible values, so it cannot be used directly as a hash address; its last two bytes ( The 5th and 6th elements of ) are used as the hash address, so the length of the constructed hash table is , for example, for the MAC address "00-A1-B0-BF-05-14", the position of the corresponding state set in the hash table can be directly determined, namely .
然而当几个STA/AP的MAC地址的后两字节相同时,其状态集将具有相同的哈希地址,如MAC地址为“00-A1-B0-BF-05-14”和“8C-A9-82-65-05-14”的两个STA状态集的哈希地址均为1300,从而导致哈希表冲突问题。However, when the last two bytes of the MAC addresses of several STAs/APs are the same, their state sets will have the same hash address, for example, the MAC addresses are "00-A1-B0-BF-05-14" and "8C- The hash addresses of the two STA state sets of A9-82-65-05-14" are both 1300, which leads to hash table conflicts.
优选地,采用基于链地址的哈希表冲突处理方法,将MAC地址后两字节相同的所有STA/AP状态集,都存储在同一线性链表中。由于哈希函数是均匀的,因此在哈希表和冲突链表内查找符合的状态集,查找成功和失败时的平均查找长度分别为Preferably, a chain address-based hash table conflict processing method is used to store all STA/AP state sets with the same last two bytes of the MAC address in the same linear linked list. Due to the hash function is uniform, so look up in the hash table and collision list The state set of the state set, the average search length when the search succeeds and fails is respectively
, ,
式中表示哈希表的装填因子(填入记录数/哈希表长)。通常数据获取模块接收范围内的STA/AP数量远远小于哈希表长,因此和都近似为1,可见该方法具有非常高的查找效率。In the formula Indicates the filling factor of the hash table (the number of filled records/the length of the hash table). Usually the number of STAs/APs within the receiving range of the data acquisition module is much smaller than the length of the hash table, so and Both are approximately 1, which shows that this method has a very high search efficiency.
由于该方法可针对捕获的大量无线帧进行高效、快速的状态集查找和更新,因此其具有“无线数据量适用性”的优势。Because this method can perform efficient and fast state set lookup and update for a large number of captured wireless frames, it has the advantage of "wireless data volume applicability".
对于步骤c),构建WLAN网络拓扑结构的必要性在于:(1)可在稀疏度较大的哈希表内,为所出现的STA/AP状态集建立有效的索引结构,以快速遍历各状态集并获取RSSI的全局最优值;(2)可建立各STA/AP状态集间的关联关系,以获取特定目标STA所接入的AP和所使用的无线信道。For step c), the necessity of constructing the WLAN network topology lies in: (1) An effective index structure can be established for the STA/AP state set that appears in the hash table with a large sparsity, so as to quickly traverse each state (2) The association relationship between each STA/AP state set can be established to obtain the AP accessed by a specific target STA and the wireless channel used.
优选地,在Infrastructure(基础结构)模式的WLAN中,可由AP和STA间的“父子关系”描述网络拓扑结构。AP链表可对AP状态集进行索引,而AP状态集内的序列可对其各STA子节点进行索引;因此,基于“AP链表 + 序列”即可构建完整的WLAN拓扑结构。Preferably, in a WLAN in Infrastructure (infrastructure) mode, the network topology can be described by a "parent-child relationship" between APs and STAs. The AP linked list can index the AP state set, and the AP state set A sequence can index each of its STA child nodes; therefore, based on the "AP linked list + Sequence" to build a complete WLAN topology.
优选地,对状态集内与拓扑结构相关的各数据项(, , 和)以及AP链表的处理方法可包括:检测状态集内的标志,若或,则跳过后续对或的处理;若首次判定或(即类型为AP),则以或的存储地址构建新节点,并插入AP链表的末端;通过特定子类型的管理帧(如“信标”帧等)可获取AP状态集内的和值;通过数据帧或特定子类型的控制帧(如“节能轮询”帧等)可确定与之间的关联关系,从而将STA状态集的存储地址插入AP状态集内的序列。Preferably, for each data item related to the topology in the state set ( , , and ) and the processing method of the AP linked list may include: detecting the sign if or , then skip the subsequent pair or processing; if the first judgment or (that is, the type is AP), then use or The storage address of the new node is constructed and inserted into the end of the AP linked list; through a specific subtype of management frame (such as "beacon" frame, etc.), the information in the AP state set can be obtained and Value; determinable by data frames or by subtype-specific control frames (e.g. "Energy Saver Polling" frames, etc.) and The association relationship between, so that the storage address of the STA state set is inserted into the AP state set sequence.
当STA已接入AP,且收发的数据量较大时,基于所捕获的首个数据帧即可判定、的类型并确定关联关系,从而跳过对后续大量帧的处理;而当STA未接入AP,或已接入AP但收发的数据较少时,基于少量的管理帧或控制帧也可部分判定、的类型;因此,上述方法具有“网络连通适用性”和“无线数据量适用性”的优势。When the STA has connected to the AP and the amount of data sent and received is large, it can be determined based on the first captured data frame , type and determine the association relationship, thereby skipping the processing of a large number of subsequent frames; and when the STA has not connected to the AP, or has connected to the AP but sends and receives less data, it can also be partially determined based on a small number of management frames or control frames , type; therefore, the above method has the advantages of "network connectivity applicability" and "wireless data volume applicability".
对于步骤d)和步骤e),对WLAN拓扑结构和各STA/AP状态集进行周期性遍历和数据分析,基于各序列获取各STA所对应的RSSI统计均值,并将具有全局最大RSSI的STA确定为特定目标,是最终实现MAC地址捕获的关键。For step d) and step e), periodic traversal and data analysis are performed on the WLAN topology and each STA/AP state set, based on each Sequentially obtain the statistical mean value of RSSI corresponding to each STA, and determine the STA with the global maximum RSSI as a specific target, which is the key to finally realize MAC address capture.
优选地,基于一种高效率、低精度的数据处理方法,快速计算各状态集内序列的统计均值。常规的数据处理方法是,首先基于奇异点检测方法(如基于小波变换模极大值的方法)消除原始数据中的突变值;然后基于滤波方法(如基于卡尔曼滤波的方法)对数据进行平滑处理,消除白噪声等干扰;最后计算数据的平均值。但小波方法、卡尔曼滤波等方法的计算量相对较大,当数据获取模块接收范围内存在较多STA/AP时,处理能力相对较弱的手持式终端便无法实时完成对多个状态集的数据统计;同时,在环境复杂的WLAN内,卡尔曼等滤波器模型中的参数也难以确定,因此,常规方法并不适用于特定目标MAC地址捕获的场景需求。由于仅需获取RSSI统计值的最大者,而对其精确度的要求并不高,因此可简化奇异点滤除方法,并省略滤波步骤,快速获取的统计均值:首先计算原始序列的平均值,记为;然后基于所设定的经验阈值,当任一与的差值高于时,可将其识别为奇异点而滤除;最后计算内剩余数据的平均值,记为:Preferably, based on a high-efficiency, low-precision data processing method, quickly calculate the sequence in each state set statistical mean. The conventional data processing method is to first eliminate the abrupt value in the original data based on the singular point detection method (such as the method based on the wavelet transform modulus maximum value); and then smooth the data based on the filtering method (such as the method based on the Kalman filter) Processing, eliminating interference such as white noise; finally calculating the average value of the data. However, wavelet method, Kalman filter and other methods require a relatively large amount of calculation. When there are many STAs/APs in the receiving range of the data acquisition module, handheld terminals with relatively weak processing capabilities cannot complete the real-time analysis of multiple state sets. Data statistics; at the same time, in a complex WLAN environment, parameters in filter models such as Kalman are also difficult to determine. Therefore, conventional methods are not suitable for the scene requirements of specific target MAC address capture. Since only the largest RSSI statistical value needs to be obtained, and its accuracy is not high, the singular point filtering method can be simplified, and the filtering step can be omitted to quickly obtain The statistical mean of : first calculate the original sequence the average value of ; then based on the set empirical threshold , when either and The difference is higher than When , it can be identified as a singular point and filtered out; finally calculate The average value of the remaining data in , denoted as :
式中表示滤除奇异点后的无线帧数量。由于MAC地址捕获过程中,数据获取模块与特定目标之间的相对位置保持不变,因此上述方法可有效滤除奇异点并获取相对准确的统计均值。In the formula Indicates the number of wireless frames after filtering out singular points. Since the relative position between the data acquisition module and the specific target remains unchanged during the MAC address capture process, the above method can effectively filter out singular points and obtain a relatively accurate statistical mean.
优选地,将数据获取模块接收范围内的STA分为“已关联至AP”和“未关联至AP”两类:仅当实体类型为STA,且其状态集内的时,将其归入第一类;若实体类型为STA且,或者实体类型尚未确定(即),则将其归入第二类。Preferably, the STA within the receiving range of the data acquisition module is divided into two types: "associated to AP" and "not associated to AP": only if the entity type is STA, and the STA in its state set , classify it into the first category; if the entity type is STA and , or the entity type has not been determined (i.e. ), it is classified into the second category.
优选地,以时间为周期,对WLAN拓扑结构进行遍历和对拓扑树列表进行更新;以为周期,对哈希表内的第二类STA状态集进行遍历和对未关联列表进行更新。第一类STA状态集可基于“AP链表+序列”的结构进行快速索引,且通常因其与AP间所传输的数据较多而需频繁更新的统计值;而第二类STA状态集仅能通过遍历整个哈希表进行低效率的查找,且通常因传输数据较少而无需频繁更新的统计值;因此,可设置遍历周期。Preferably, in time As a cycle, the WLAN topology is traversed and the topology tree list is updated; with As a cycle, the second type of STA state set in the hash table is traversed and the unassociated list is updated. The first type of STA state set can be based on "AP linked list + "Sequence" structure for fast indexing, and usually requires frequent updates due to the large amount of data transmitted between the AP and the AP The statistical value of ; while the second type of STA state set can only be searched inefficiently by traversing the entire hash table, and usually does not need to be updated frequently due to the small amount of transmitted data The statistical value of ; therefore, the traversal period can be set .
该方法可从任意多个STA的RSSI统计均值中判定全局最大者,因此具有“多用户适用性”的优势。由于数据获取模块和特定目标STA都处于非移动状态,仅需较少和周期即可获取稳定的RSSI统计数据;同时该方法运算量小,适于在手持式设备实现,因此其具有“取证快速性与无痕性”的优势。This method can determine the global maximum from the RSSI statistical mean values of any number of STAs, so it has the advantage of "multi-user applicability". Since both the data acquisition module and the specific target STA are in a non-moving state, only a few and Stable RSSI statistical data can be obtained in only one cycle; at the same time, this method has a small amount of calculation and is suitable for implementation on handheld devices, so it has the advantages of "fast and traceless evidence collection".
