Similar literature
20 similar documents found
1.
Research and application of intrusion detection technology for 802.11 wireless LANs   Cited by: 1 (self-citations: 1, other citations: 0)
Because of the peculiarities of its wireless channel, a wireless local area network (WLAN) is more easily attacked than a traditional wired network. Intrusion detection is a comparatively proactive security monitoring technique: it can block external intrusion and also detect illegal use from inside. Applying intrusion detection to WLANs will improve their active defense capability. Based on the characteristics of the WLAN protocol IEEE 802.11, key fields of the medium access control (MAC) and LLC layers are chosen as the objects of intrusion analysis, and a method for packet capture and intrusion analysis in WLANs is proposed. Intrusion detection schemes are designed for the different categories of WLAN intrusion events. The intrusion mechanisms of the classic tools NetStumbler and Wellenreiter are analyzed and corresponding detection methods are derived. Based on the two basic WLAN operating modes, a distributed intrusion detection model combining host-based and network-based detection is proposed, and a module framework for its implementation is given. The WLAN intrusion detection scheme, designed around concrete cases, is targeted and practical.
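The abstract above says the detector works on key fields of the 802.11 MAC header rather than on payload. As an added illustration that is not part of the paper, the following Python parses the frame control field and addresses of raw 802.11 management frames and flags stations that burst wildcard-SSID probe requests, the traffic that active scanners such as NetStumbler generate. The frames, MAC addresses, window size and threshold are constructed for this example; the paper's actual signatures for NetStumbler and Wellenreiter are not reproduced here.

```python
import struct
from collections import defaultdict

# 802.11 frame control: type 0 = management; subtype 4 = probe request
MGMT, PROBE_REQ = 0, 4
HDR_LEN = 24          # management frame header: FC(2) duration(2) addr1/2/3(18) seq ctrl(2)

def build_probe_request(src_mac: bytes, ssid: bytes = b"") -> bytes:
    """Construct a minimal probe request (sample input for this example, not a real capture)."""
    fc0 = (PROBE_REQ << 4) | (MGMT << 2)          # version 0, type 0, subtype 4 -> 0x40
    header = struct.pack("<BBH", fc0, 0, 0)       # FC byte 0, FC flags byte, duration
    header += b"\xff" * 6                         # addr1: destination (broadcast)
    header += src_mac                             # addr2: source station
    header += b"\xff" * 6                         # addr3: BSSID (wildcard)
    header += struct.pack("<H", 0)                # sequence control
    body = bytes([0, len(ssid)]) + ssid           # SSID information element (tag 0)
    return header + body

def parse_frame(frame: bytes) -> dict:
    """Pull the MAC-layer fields an IDS keys on: type, subtype, source address, probed SSID."""
    fc0, _flags, _duration = struct.unpack_from("<BBH", frame, 0)
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    sa = frame[10:16]
    ssid = None
    if ftype == MGMT and subtype == PROBE_REQ and len(frame) >= HDR_LEN + 2:
        tag, length = frame[HDR_LEN], frame[HDR_LEN + 1]
        if tag == 0:                              # first IE of a probe request is the SSID
            ssid = frame[HDR_LEN + 2:HDR_LEN + 2 + length]
    return {"type": ftype, "subtype": subtype, "sa": sa, "ssid": ssid}

def detect_active_scanners(capture, window=5.0, threshold=10) -> set:
    """Flag sources sending >= threshold wildcard-SSID probe requests within a sliding window."""
    recent = defaultdict(list)
    alerts = set()
    for ts, frame in capture:
        f = parse_frame(frame)
        if f["type"] != MGMT or f["subtype"] != PROBE_REQ or f["ssid"] != b"":
            continue                              # only wildcard (zero-length SSID) probes count
        times = recent[f["sa"]]
        times.append(ts)
        while times and ts - times[0] > window:   # expire timestamps outside the window
            times.pop(0)
        if len(times) >= threshold:
            alerts.add(f["sa"])
    return alerts

SCANNER_MAC = b"\x00\x0c\x29\xaa\xbb\xcc"   # constructed address, not a real device
CLIENT_MAC = b"\x00\x16\x6f\x01\x02\x03"    # constructed address

def sample_capture():
    """Constructed capture: a scanner bursting 12 wildcard probes in 3 s, a client probing normally."""
    frames = [(0.25 * i, build_probe_request(SCANNER_MAC)) for i in range(12)]
    frames.append((0.5, build_probe_request(CLIENT_MAC, b"corp-wifi")))  # directed probe
    frames.append((1.0, build_probe_request(CLIENT_MAC)))                # occasional wildcard probe
    frames.append((4.0, build_probe_request(CLIENT_MAC)))
    return sorted(frames, key=lambda x: x[0])

if __name__ == "__main__":
    print({mac.hex(":") for mac in detect_active_scanners(sample_capture())})
```

On a live sensor the same parse_frame would be fed from a monitor-mode interface; the rate heuristic is deliberately coarse, so tune the window and threshold against the site's own client population before trusting it, and treat it as one feature among the MAC-layer ones the paper enumerates rather than a signature for a specific tool.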

2.
There exist a number of Intrusion Detection Systems (IDSs) that detect computer attacks based on some defined attack scenarios. The attack scenarios or security requirements in some of these IDSs are specified in attack specification languages that are different from software specification languages. The use of two different languages for software specification and attack specification may generate redundant and conflicting requirements. The advantage of using the same language for both functional specifications and attack specifications is that software designers can address the two different issues without learning two types of languages. We present a method of integrating Abstract State Machine Language (AsmL) and Unified Modeling Language (UML) state charts, which are extended-finite-state-machine-based software specification languages, with the open source IDS Snort. This work provides AsmL and UML users an IDS that they can use without knowing how to write Snort rules. We automatically translate attack scenarios written in AsmL and UML state charts into Snort rules with context information. The original Snort is modified so that it can use the rules automatically generated by the translator. Adding context information to Snort rules improves the detection capability of Snort. To show the efficacy of the presented approach, we have built a prototype and evaluated it using a number of well-known attack scenarios.
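The paper's translator is not available on this page. As an added example of the idea, not the authors' code, the Python below takes an attack scenario expressed as an extended finite state machine (states plus content-witnessed transitions) and emits stock Snort rules in which the context, i.e. which state the flow has reached, is carried by flowbits. The scenario, state names, rule options and SID range are assumptions chosen for illustration; the scenario is a hypothetical policy (file retrieval inside an anonymous FTP session), not a real attack signature.

```python
from dataclasses import dataclass, field
from typing import List

@dataclass
class Transition:
    src: str        # state before this step
    dst: str        # state after this step
    content: str    # payload pattern witnessing the step, in Snort 'content' syntax
    msg: str

@dataclass
class Scenario:
    name: str       # also used as the flowbits namespace
    proto: str
    dport: int
    initial: str
    final: str
    transitions: List[Transition] = field(default_factory=list)

def snort_rules(sc: Scenario, base_sid: int = 1000000) -> List[str]:
    """Translate an extended-FSM attack scenario into Snort rules.

    Context is carried by flowbits named <scenario>.<state>: a transition out of state S
    requires flowbits:isset,<scenario>.S (unless S is the initial state), sets the flowbit of
    its target state, and only the transition into the final state alerts; earlier steps are
    flowbits:noalert so the intermediate states stay silent.
    """
    reachable = {sc.initial} | {t.dst for t in sc.transitions}
    rules = []
    for i, t in enumerate(sc.transitions):
        if t.src not in reachable:
            raise ValueError(f"transition from unreachable state {t.src!r}")
        opts = [f'msg:"{sc.name}: {t.msg}"']
        if sc.proto == "tcp":
            opts.append("flow:to_server,established")
        opts.append(f'content:"{t.content}"')
        if t.src != sc.initial:
            opts.append(f"flowbits:isset,{sc.name}.{t.src}")
        if t.dst != sc.final:
            opts.append(f"flowbits:set,{sc.name}.{t.dst}")
            opts.append("flowbits:noalert")
        opts += [f"sid:{base_sid + i}", "rev:1"]
        rules.append(f"alert {sc.proto} any any -> any {sc.dport} ({'; '.join(opts)};)")
    return rules

def sample_scenario() -> Scenario:
    """Hypothetical three-state scenario used only to exercise the translator."""
    return Scenario(
        name="anon_ftp_retr", proto="tcp", dport=21, initial="idle", final="done",
        transitions=[
            Transition("idle", "user", "USER anonymous", "anonymous USER"),
            Transition("user", "authed", "PASS ", "password after anonymous USER"),
            Transition("authed", "done", "RETR ", "file retrieval in anonymous session"),
        ],
    )

if __name__ == "__main__":
    print("\n".join(snort_rules(sample_scenario())))
```

Flowbits are scoped to one flow, so this stand-alone translation only covers scenarios whose steps all occur on the same connection; cross-connection scenarios are exactly where the paper's modified Snort adds context that stock rules cannot express. Generated rules also need a unique SID range reserved for them so they do not collide with the distributed rule set.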

3.
A Wireless Sensor Network (WSN) consists of many low-cost, small devices. Usually, as they are deployed to an open and unprotected region, they are vulnerable to various types of attacks. In this research, a mechanism of Intrusion Detection System (IDS) created in a Cluster-based Wireless Sensor Network (CWSN) is proposed. The proposed IDS is an Integrated Intrusion Detection System (IIDS). It enables the system to resist intrusions and to analyze attacks in real time. The IIDS includes three individual IDSs: Intelligent Hybrid Intrusion Detection System (IHIDS), Hybrid Intrusion Detection System (HIDS) and misuse Intrusion Detection System. These are designed for the sink, cluster head and sensor node respectively, according to their different capabilities and the probability of the attacks each suffers from. The proposed IIDS consists of an anomaly detection module and a misuse detection module. The goal is to raise the detection rate and lower the false positive rate through combined misuse detection and anomaly detection. Finally, a decision-making module is used to integrate the detected results and report the types of attacks.
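As an added example, not the authors' system, the Python below shows the role-based split and the decision module described above on constructed per-node traffic summaries: a cheap misuse module (named threshold signatures) that every node class can run, a profile-based anomaly module reserved for the cluster head and sink, and a decision function that reports a named attack type on a misuse hit and "unknown" when only the anomaly module fires. Feature names, thresholds, the z-score rule and the role-to-module mapping are assumptions for illustration.

```python
from statistics import mean, pstdev

FEATURES = ("pkt_rate", "hello_rate", "dup_ratio")   # assumed per-node summary fields

# Misuse module: named signatures over the summary fields (thresholds are illustrative)
SIGNATURES = {
    "hello-flood": lambda r: r["hello_rate"] > 20,
    "replay":      lambda r: r["dup_ratio"] > 0.5,
}

def misuse_detect(record: dict) -> list:
    return [name for name, rule in SIGNATURES.items() if rule(record)]

class AnomalyDetector:
    """Profile-based module: per-feature z-score against a window of normal traffic."""
    def __init__(self, training: list, z_limit: float = 3.0):
        self.z_limit = z_limit
        self.profile = {}
        for f in FEATURES:
            values = [r[f] for r in training]
            self.profile[f] = (mean(values), pstdev(values) or 1e-9)

    def score(self, record: dict) -> float:
        return max(abs(record[f] - mu) / sd for f, (mu, sd) in self.profile.items())

    def is_anomalous(self, record: dict) -> bool:
        return self.score(record) > self.z_limit

# Which modules each node class can afford to run (assumed capability split)
ROLE_MODULES = {
    "sensor": ("misuse",),
    "cluster_head": ("misuse", "anomaly"),
    "sink": ("misuse", "anomaly"),
}

def decide(role: str, record: dict, anomaly: AnomalyDetector = None) -> tuple:
    """Decision module: fuse module outputs into (verdict, attack_type)."""
    modules = ROLE_MODULES[role]
    hits = misuse_detect(record) if "misuse" in modules else []
    anomalous = "anomaly" in modules and anomaly is not None and anomaly.is_anomalous(record)
    if hits:
        return ("attack", "+".join(hits))        # known pattern: report its name
    if anomalous:
        return ("attack", "unknown")             # deviation with no matching signature
    return ("normal", None)

def sample_training() -> list:
    """Constructed normal-traffic window used to build the anomaly profile."""
    rates = [8, 9, 10, 11, 12, 10, 9, 11]
    hellos = [1, 2, 1, 2, 1, 2, 1, 2]
    dups = [0.0, 0.02, 0.05, 0.01, 0.03, 0.0, 0.04, 0.02]
    return [{"pkt_rate": a, "hello_rate": b, "dup_ratio": c} for a, b, c in zip(rates, hellos, dups)]

if __name__ == "__main__":
    det = AnomalyDetector(sample_training())
    novel = {"pkt_rate": 60, "hello_rate": 2, "dup_ratio": 0.03}
    for role in ROLE_MODULES:
        print(role, decide(role, novel, det))
```

The interesting case is the novel record: a sensor node sees nothing because it runs misuse detection only, while its cluster head, which has the profile, reports an unknown attack. That asymmetry is the reason the abstract assigns different detector types to different node classes.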

4.
Nodes in a wireless sensor network (WSN) are limited in power, computing capability and memory, and face more complex security threats. A key agreement and authentication protocol suited to LEACH-like routing in WSNs is therefore proposed. By introducing the current round number, it achieves mutual authentication between nodes and resists common attacks such as selective forwarding, Sybil and HELLO flooding. Dynamic session keys between nodes are generated from node IDs using bilinear pairings, which reduces the number of interaction steps and the energy consumption. SVO logic reasoning and performance analysis show that the protocol satisfies both the security requirements and the special application requirements of WSNs.

5.
A data-mining-based method for detecting malicious behavior   Cited by: 1 (self-citations: 0, other citations: 1)
1. Introduction. An intrusion detection system (IDS) is a dynamic technique for detecting network attacks: it can discover the malicious behavior and traces of intruders while the network system is running and respond in a timely manner. It is the second line of defense behind the firewall; the two complement each other and together form a complete network security protection system.

6.
Intrusion detection, as a dynamic network security technique, is an indispensable component of computer security. Most current intrusion detection systems use pattern matching algorithms. To address the performance bottleneck that the detection engines of such systems face in high-speed networks, this paper introduces the implementation principles of protocol-analysis-based intrusion detection and proposes exploiting the high regularity of network protocols to detect attacks quickly, which reduces the likelihood of false alarms and misjudgments and improves the performance and efficiency of network intrusion detection systems.
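The claim that protocol analysis reduces both false alarms and misses is easy to see on one concrete case. As an added example that is not from the paper, the Python below runs a byte-level pattern match for a directory-traversal marker over whole packets and, beside it, a small HTTP decoder that percent-decodes and then inspects only the request path. The three constructed requests show a false positive the raw matcher raises (the marker inside a wiki page body), a miss it suffers (the marker percent-encoded), and the plain case both catch. The packets and the traversal check are assumptions for this example.

```python
from urllib.parse import unquote

def raw_pattern_match(packet: bytes, pattern: bytes = b"../") -> bool:
    """Engine style 1: byte-level pattern matching over the entire packet."""
    return pattern in packet

def parse_http_request(packet: bytes) -> dict:
    """Minimal HTTP/1.x request decoder: request line, headers, body."""
    head, _, body = packet.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, target, version = lines[0].split(b" ", 2)   # ValueError if not a request line
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}

def path_segments(target: bytes) -> list:
    """Normalize the request path: drop the query, undo single and double percent-encoding,
    treat backslashes as separators, and split into segments."""
    path = target.split(b"?", 1)[0].decode("latin-1")
    decoded = unquote(unquote(path))
    return decoded.replace("\\", "/").split("/")

def protocol_aware_traversal(packet: bytes) -> bool:
    """Engine style 2: decode the protocol, then test only the field where traversal can occur."""
    try:
        req = parse_http_request(packet)
    except ValueError:
        return False          # not a parseable HTTP request; another decoder would own it
    return ".." in path_segments(req["target"])

def sample_packets() -> dict:
    """Constructed HTTP requests (not real captures)."""
    return {
        "benign_body": (b"POST /wiki/edit HTTP/1.1\r\nHost: wiki.example\r\n"
                        b"Content-Length: 33\r\n\r\nsee ../docs/README for the layout"),
        "encoded_traversal": (b"GET /static/%2e%2e/%2e%2e/etc/passwd HTTP/1.1\r\n"
                              b"Host: www.example\r\n\r\n"),
        "plain_traversal": b"GET /../../etc/passwd HTTP/1.1\r\nHost: www.example\r\n\r\n",
    }

def compare() -> dict:
    """(raw match verdict, protocol-aware verdict) for every sample packet."""
    return {name: (raw_pattern_match(p), protocol_aware_traversal(p))
            for name, p in sample_packets().items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:20s} raw={verdicts[0]!s:5} protocol={verdicts[1]!s:5}")
```

The speed argument follows from the same structure: the decoder touches a few header bytes and one field instead of sliding every signature across the whole payload, and each signature is checked only in the field where it is meaningful.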

7.
This paper proposes a multi-protocol adaptive routing design. Nodes in the network support several routing protocols, and each node automatically selects a suitable routing protocol for route discovery and maintenance according to its perception of the network state. The paper elaborates the overall design of the multi-protocol adaptive routing, the design of the network state sensing mechanism, the route-change policy and protocol switching mechanism, and the compatibility design among the multiple protocols. Simulation results show that the scheme combines the advantages of on-demand and proactive routing, compensates for their respective shortcomings, and adapts well to changes in the network environment.

8.
Traditional intrusion detection methods lack extensibility in the face of changing network configurations as well as adaptability in the face of unknown attack types. Meanwhile, current machine-learning algorithms need labeled data for training first, so they are computationally expensive and sometimes misled by artificial data. In this paper, a new detection algorithm, the Intrusion Detection Based on Genetic Clustering (IDBGC) algorithm, is proposed. It can automatically establish clusters and detect intruders by labeling normal and abnormal groups. Computer simulations show that this algorithm is effective for intrusion detection.

9.
A significant increase in the number of connected devices in the Internet of Things poses a key challenge to efficiently handling attacks on routing protocols such as the Routing Protocol for Low Power and Lossy Networks (RPL). Attacks on RPL are only partly studied in the literature, and the proposed solutions typically overlook the appropriate trade-off between detection rate and communication and computational overhead. This study introduces a new attack called Dropped Destination Advertisement Object (DDAO) and a new Intrusion Detection System (IDS) to counter this attack in the RPL protocol. The DDAO attack adversely affects the network by preventing the creation of downward routes: the attacker does not forward Destination Advertisement Object (DAO) messages and sends fake Destination Advertisement Object Acknowledgment (DAO-ACK) messages to the DAO source. A distributed lightweight IDS is proposed to detect and counter DDAO attacks by monitoring the behavior of parents with respect to forwarded DAO messages. According to evaluations conducted on the Cooja simulator under different real-world conditions, the proposed IDS detects DDAO attacks with high accuracy, precision and True Positive Rate (TPR) and a low False Positive Rate (close to zero). Additionally, compared to plain RPL, the proposed IDS improves the Packet Delivery Rate (PDR) by 158 percent when countering the attack.
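The detection principle stated above (a child watches whether its parent actually forwards its DAO) can be shown on a toy DODAG. As an added example that is not the authors' IDS or their Cooja setup, the Python below replays every node's DAO through a chain of parents, lets a DDAO attacker swallow the DAO while sending a fabricated DAO-ACK, and then applies the child-side rule: an acknowledgment for my prefix is only trustworthy if I overheard my parent transmit my DAO upward before it. The topology, message fields and the simplification that the acknowledgment originates at the root and is relayed down hop by hop are assumptions of this model, not RPL's exact DAO-ACK semantics in every mode of operation.

```python
from dataclasses import dataclass

@dataclass
class Msg:
    kind: str      # "DAO" or "DAO-ACK"
    src: str
    dst: str
    target: str    # node whose prefix the DAO advertises (the DAO originator)

def run_topology(parents: dict, malicious: set) -> list:
    """Replay every node's DAO and return the log of transmissions on the shared medium.

    parents maps child -> preferred parent; the root has no entry. An honest parent forwards
    the DAO toward the root; a DDAO attacker drops it and answers with a fabricated DAO-ACK.
    Simplification (assumed): the ack originates at the root and is relayed back down.
    """
    log = []
    for origin in parents:
        path, node = [origin], origin
        while node != "root":
            nxt = parents[node]
            log.append(Msg("DAO", node, nxt, origin))
            path.append(nxt)
            if nxt in malicious:
                break                        # DAO swallowed here; the ack below is fake
            node = nxt
        for i in range(len(path) - 1, 0, -1):  # ack (genuine or fake) travels back down
            log.append(Msg("DAO-ACK", path[i], path[i - 1], origin))
    return log

def monitor(log: list, child: str, parent: str) -> str:
    """Child-side IDS rule. Requires the child to overhear its parent's transmissions."""
    fwd = next((i for i, m in enumerate(log)
                if m.kind == "DAO" and m.src == parent and m.target == child), None)
    ack = next((i for i, m in enumerate(log)
                if m.kind == "DAO-ACK" and m.src == parent and m.dst == child
                and m.target == child), None)
    if ack is None:
        return "no-ack"                       # nothing to judge yet; retransmit/timeout path
    if fwd is None or fwd > ack:
        return "DDAO-suspected"               # acked without ever forwarding my DAO
    return "ok"

def audit(parents: dict, malicious: set) -> dict:
    """Every non-root parent judged by its own child."""
    log = run_topology(parents, malicious)
    return {c: monitor(log, c, p) for c, p in parents.items() if p != "root"}

CHAIN = {"n3": "n2", "n2": "n1", "n1": "root"}   # constructed DODAG: n3 -> n2 -> n1 -> root

if __name__ == "__main__":
    print(audit(CHAIN, set()))
    print(audit(CHAIN, {"n1"}))
```

Note that only the direct child of the attacker raises the alarm: n3's parent n2 honestly forwarded n3's DAO and honestly relayed the (fake) ack it received, so n3 sees consistent behavior. That locality is what makes the scheme distributed and cheap, and also why each node must watch its own parent rather than rely on a verdict from elsewhere. A real implementation adds a timeout for the forwarded DAO and must tolerate frames the child fails to overhear because of radio loss.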

10.
To address the performance bottleneck, false positive, false negative and attack speed problems currently faced by IPSs, a network intrusion prevention system with a distributed "analysis and detection + centralized control + update service" architecture is proposed. Analysis and detection mainly uses protocol identification and analysis, protocol anomaly detection, traffic anomaly detection and response mechanisms; centralized control mainly monitors and controls the operation and configuration of the intrusion detection and prevention system; the update service regularly provides updates to the attack signature database so that the system delivers up-to-date security protection. The system is also compatible with other security products, forming a defense-in-depth architecture that protects the network security of enterprises and organizations to the greatest possible extent.

11.
Existing mobile-sink-based data collection methods for WSNs suffer from low attack detection rates and high memory overhead, which leaves the network vulnerable to attack and hard to deploy in practice. To address this, a secure mobile-sink-based data collection method for WSNs is proposed: an energy-aware convex hull algorithm identifies the data collection points, elliptic curve cryptography (ECC) generates keys for all nodes in the network, the ElGamal algorithm authenticates node identities and messages, and a support vector machine (SVM) identifies the type of network attack. Simulation results show that the proposed secure data collection method performs well in attack detection rate, memory overhead and packet delivery rate.

12.
Automated intrusion detection is an important research direction in intrusion detection. Because traditional intrusion detection relies on labeled data for training, it cannot automatically update its rule base or detect new intrusions. A method for detecting intrusions automatically is proposed: clustering-based detection over unlabeled data. It does not rely on class-labeled data for training and can detect unknown intrusions while maintaining a very low false alarm rate.

13.
Research on intrusion detection based on immune clustering   Cited by: 1 (self-citations: 0, other citations: 1)
In modern networks, user behavior and the network structure change constantly, so large quantities of labeled sample data are needed to dynamically update intrusion detection models. Labeling training data sets by hand is very time-consuming, however, so detection models built from labeled data sets are increasingly unable to meet practical needs. This paper proposes an anomaly detection algorithm based on immune clustering that uses unlabeled data sets. The method can be used directly to detect intrusions, or as an intermediate step in building an intrusion detection model, to improve the adaptability and deployment efficiency of intrusion detection systems.
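Items 8, 12 and 13 all rest on the same idea: cluster unlabeled records, then label whole clusters rather than individual points. As one added example serving all three, not the genetic or immune clustering of those papers, the Python below uses plain k-means with a deterministic farthest-first seeding on constructed connection records and applies the usual labeling rule that clusters holding less than a chosen fraction of all records are anomalous. The features, the fraction and the data are assumptions; the point is the labeling step, which is what lets the method run without a labeled training set.

```python
from statistics import mean, pstdev

def standardize(rows: list) -> list:
    """Zero-mean, unit-variance scaling so that no single feature's units dominate distances."""
    cols = list(zip(*rows))
    stats = [(mean(c), pstdev(c) or 1.0) for c in cols]
    return [[(v - mu) / sd for v, (mu, sd) in zip(r, stats)] for r in rows]

def dist2(a, b) -> float:
    return sum((x - y) ** 2 for x, y in zip(a, b))

def farthest_first_centers(points: list, k: int) -> list:
    """Deterministic seeding: start with the point nearest the global mean, then repeatedly
    take the point farthest from all chosen centers (outlying groups get their own seed)."""
    centroid = [mean(c) for c in zip(*points)]
    centers = [min(points, key=lambda p: dist2(p, centroid))]
    while len(centers) < k:
        centers.append(max(points, key=lambda p: min(dist2(p, c) for c in centers)))
    return centers

def kmeans(points: list, k: int, iters: int = 100) -> list:
    """Lloyd's algorithm; returns the cluster index of every point."""
    centers = farthest_first_centers(points, k)
    assign = []
    for _ in range(iters):
        assign = [min(range(k), key=lambda j: dist2(p, centers[j])) for p in points]
        new = []
        for j in range(k):
            members = [p for p, a in zip(points, assign) if a == j]
            new.append([mean(c) for c in zip(*members)] if members else centers[j])
        if new == centers:
            break
        centers = new
    return assign

def detect(rows: list, k: int = 2, normal_fraction: float = 0.15) -> list:
    """Unsupervised detection: indices of records in clusters too small to be 'normal'."""
    assign = kmeans(standardize(rows), k)
    sizes = [assign.count(j) for j in range(k)]
    anomalous = {j for j in range(k) if sizes[j] / len(rows) < normal_fraction}
    return [i for i, a in enumerate(assign) if a in anomalous]

def sample_connections() -> list:
    """Constructed records (duration s, bytes, failed logins): 90 ordinary sessions followed
    by 10 short brute-force sessions with many failed logins."""
    normal = [[1 + i % 5, 500 + 17 * i, i % 2] for i in range(90)]
    attack = [[0.1, 40 + i, 20 + i] for i in range(10)]
    return normal + attack

if __name__ == "__main__":
    print(detect(sample_connections()))
```

The labeling rule encodes two assumptions the papers also make: normal traffic dominates the data, and attacks look different from it. A volumetric attack that contributes most of the records, or a slow attack that hides inside the normal cluster, breaks one of those assumptions, which is why these methods are evaluated on false alarm rate as carefully as on detection rate.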

14.
To address the problem that wireless sensor networks (WSNs) are susceptible to many kinds of attack, an intrusion detection system (IDS) for WSNs that combines Markov decision processes (MDP) with game theory, called the Markov game intrusion detection system (MG-IDS), is proposed. MG-IDS uses game theory together with MDP-based anomaly and misuse detection to determine the optimal defense strategy, and uses MDP and an attack-pattern mining algorithm to predict future attack patterns from attack records. Simulation experiments compare MG-IDS with game-theory-only and MDP-only schemes in terms of defense performance against mixed multi-type attacks at different attack frequencies; the results show that the proposed MG-IDS achieves a higher defense success rate.

15.
付翔燕, 李平, 吴佳英. Journal of Computer Applications (计算机应用), 2012, 32(10): 2711-2715
To counter selective forwarding attacks in wireless sensor networks, with the goals of raising the malicious node detection rate and the system's defensive capability, a detection and defense method is proposed that combines a random routing algorithm based on an optimal forwarding strategy with monitoring by trusted neighbor nodes. Forwarding paths are built by introducing parameters such as distance and trust, and during route discovery and selection a node-monitoring mechanism detects and defends against malicious nodes. The mechanism was simulated in Matlab and its performance compared with other methods. The results show that it effectively detects selective forwarding attacks at relatively low energy cost, maintains a high event-report success rate, and effectively defends against and handles malicious nodes.

16.
Research on automatic signature extraction and detection techniques for polymorphic worms   Cited by: 1 (self-citations: 0, other citations: 1)
The key to detecting worm attacks with an intrusion detection system is the accuracy of the worm signatures. As polymorphic worm techniques keep developing, extracting polymorphic worm signatures quickly and effectively has become an important research direction in signature extraction for intrusion detection. A pattern-based signature extraction algorithm is adopted: multiple suspicious polymorphic worm flows are aligned by sequence comparison and their longest common subsequence is extracted automatically, with the result represented as two forms of vector. A similarity-measurement detection method then uses the extracted signature vectors to decide which class a newly arriving polymorphic worm flow belongs to. The effectiveness of the extraction algorithm and of the similarity-based detection method is verified in terms of false positive and false negative rates.
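The extraction step above, a longest common subsequence over several suspicious flows followed by similarity scoring of new flows against it, is shown below as an added example; it is not the paper's implementation and uses a single byte-vector signature rather than the paper's two vector forms. The worm variants are constructed: a fixed protocol framing, placeholder "return address" and "decoder" bytes that every variant must keep, and per-variant filler and body drawn from disjoint byte ranges so the extracted residue is exactly the invariant part. The folding of pairwise LCS over the sample set is the usual heuristic, not an exact multi-sequence LCS.

```python
def lcs(a: bytes, b: bytes) -> bytes:
    """Longest common subsequence of two byte strings (dynamic programming, O(len(a)*len(b)))."""
    n, m = len(a), len(b)
    dp = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(n - 1, -1, -1):
        for j in range(m - 1, -1, -1):
            if a[i] == b[j]:
                dp[i][j] = dp[i + 1][j + 1] + 1
            else:
                dp[i][j] = max(dp[i + 1][j], dp[i][j + 1])
    out, i, j = bytearray(), 0, 0
    while i < n and j < m:                      # walk the table to recover one LCS
        if a[i] == b[j]:
            out.append(a[i]); i += 1; j += 1
        elif dp[i + 1][j] >= dp[i][j + 1]:
            i += 1
        else:
            j += 1
    return bytes(out)

def extract_signature(samples: list) -> bytes:
    """Fold pairwise LCS over all suspicious flows: what survives is what every variant kept."""
    sig = samples[0]
    for s in samples[1:]:
        sig = lcs(sig, s)
    return sig

def similarity(signature: bytes, flow: bytes) -> float:
    """Fraction of the signature present in the flow as a subsequence."""
    return len(lcs(signature, flow)) / len(signature) if signature else 0.0

def classify(signature: bytes, flow: bytes, threshold: float = 0.8) -> bool:
    return similarity(signature, flow) >= threshold

# Constructed invariants: framing the exploit needs, plus placeholder (not real) code bytes.
HEAD = b"POST /upload HTTP/1.0\r\n\r\n"
RET = b"\x7f\x00\x01\x02"            # stand-in for a return address the worm must keep
DECODER = b"\x03\x04\x05\x06\x07"    # stand-in for a decoder stub the worm must keep

def worm_variant(i: int) -> bytes:
    """Polymorphic variant i (0..5): junk and body bytes differ per variant and never collide."""
    filler = bytes(range(0x80 + 8 * i, 0x88 + 8 * i))
    body = bytes(range(0xb0 + 8 * i, 0xb8 + 8 * i))
    return HEAD + filler + RET + body + DECODER

if __name__ == "__main__":
    sig = extract_signature([worm_variant(i) for i in range(3)])
    print(sig.hex(), similarity(sig, worm_variant(3)))
```

Two things worth noticing when reading the numbers: a benign upload shares the whole HTTP framing with the signature, so its similarity is already 25/34, and a threshold set carelessly low would flag it (the false positive side of the evaluation); a variant that mutates one byte of the invariant region still scores 33/34 (the false negative side). Because it is a subsequence rather than a substring, the signature also tolerates junk inserted between invariant fragments, which is what polymorphic engines do.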

17.
Interest flooding attacks (IFA) and conspiracy interest flooding attacks (CIFA) are typical security threats facing named data networking (NDN). Existing detection methods rely on a single detection feature, so they cannot effectively distinguish attack types, and their detection rates are not high enough. A method that combines an association rule algorithm with a decision tree algorithm to detect attacks in NDN is proposed. First, a new detection feature, the cache growth rate, is mined from the data held in the content store (CS) of NDN routing nodes; experiments show that the growth rate of CS data packets is a useful basis for distinguishing IFA from CIFA. Second, the association rule algorithm combines the new feature with several detection features from the pending interest table (PIT), finds the correlations among the features, and feeds them to the decision tree as input. Finally, the decision tree algorithm detects the attack. Using the decision tree and association rule algorithms jointly avoids the misjudgments caused by detecting attacks with a single feature and enriches the classification attributes of the decision tree. Analysis of the simulation results shows that the method accurately distinguishes and detects IFA and CIFA and improves the detection rate.

18.
This paper presents a formal specification of the Ad hoc On-demand Distance Vector (AODV) routing protocol using AWN (Algebra for Wireless Networks), a recent process algebra which has been tailored for the modelling of mobile ad hoc networks and wireless mesh network protocols. Our formalisation models the exact details of the core functionality of AODV, such as route discovery, route maintenance and error handling. We demonstrate how AWN can be used to reason about critical protocol properties by providing detailed proofs of loop freedom and route correctness.

19.
Compromised sensor nodes may collude to segregate a specific region of the sensor network, preventing event reporting packets in this region from reaching the base station. Additionally, they can cast doubt over all data collected. Identifying and isolating such compromised nodes, while identifying the type of attack with a certain confidence level, is critical to the smooth functioning of a sensor network. Existing work specializes in preventing or identifying a specific type of attack and lacks a unified architecture to identify multiple attack types. Dynamic Camouflage Event-Based Malicious Node Detection Architecture (D-CENDA) is a proactive architecture that uses camouflage events generated by mobile nodes to detect malicious nodes while identifying the type of attack. We exploit the spatial and temporal information of camouflage events while analyzing the packets to identify malicious activity. We have simulated D-CENDA to compare its performance with other techniques that protect against individual attack types; the results show a marked improvement in malicious node detection with a significantly lower false positive rate. Moreover, D-CENDA can identify the type of attack and is flexible enough to be configured to include other attack types in the future.

20.
王玉斐, 张基温, 顾健. Journal of Computer Applications (计算机应用), 2005, 25(12): 2748-2750
Taking the data sources of network intrusion detection systems (NIDS) as the basis and combining them with protocol analysis techniques, a classification scheme for network attack events suitable for building a network attack event library and for attack simulation is proposed, and it is formally described and proved in the Z notation.


Copyright © 北京勤云科技发展有限公司 (Beijing Qinyun Technology Development Co., Ltd.)  京ICP备09084417号