无线传感器网络入侵检测系统

无线传感器网络与传统网络存在较大差异,传统入侵检测技术不能有效地应用于无线传感器网络。文中分析了无线传感器网络面临的安全威胁;总结了现有的无线传感器网络入侵检测方案;在综合现有无线传感器网络入侵检测方法的基础上,提出了一种分等级的入侵检测系统,该入侵检测体系结构通过减少错报能检测到大多数的安全威胁。     

基于移动代理的无线Ad Hoc网络IDS研究

介绍了无线Ad Hoc网络的特点和面临的安全问题，分析了移动代理在Ad Hoc网络入侵检测系统中的适用性，给出了一种基于移动代理的无线Ad Hoc网络入侵检测系统模型。     

浅析下一代移动通信网络的安全问题

随着移动通信网络的不断发展,无线接人技术、终端技术、网络技术和业务平台技术正向异构化、多样化和泛在化的趋势发展。下一代移动通信网络具有开放、灵活、可管理、移动的网络架构特点,因此其安全问题将比以往移动通信系统更加复杂。文章从下一代移动通信网络的组网结构人手,结合第二代及第三代移动通信系统存在的安全问题,分析下一代移动通信网络所面临的安全威胁,论述了其应具有的安全体系结构。     

无线局域网中的入侵检测

首先简单描述了无线局域网(WLAN)技术IEEE802.11的最新发展现状及其安全漏洞隐患,然后介绍了入侵检测技术,并分析了WLAN内入侵检测技术的现状及实施要点,最后详细描述了应用于两种不同类型(其中包括基础结构模式和移动自组网模式)WLAN的入侵检测模型架构。这些模型架构充分考虑了WLAN的布局特点,其中基础结构模式采用可应用于大规模网络的、分布式的、基于网络的入侵检测系统,系统由中心控制台和监测代理组成;移动自组网模式内的入侵检测则采用基于主机的入侵检测系统,并在路由协议中加以实现,具有实用价值。     

WSN入侵检测系统ARMA预测模型分析研究

无线传感网络(Wireless Sensor Networks,WSN)作为新兴的测控网络技术,是能够自主实现数据采集、融合和传输应用的智能网络应用系统。WSN因其巨大优势和广阔的应用前景引起各界的关注。开放的分布式架构给无线传感器网络的安全带来了很大的挑战。而安全是无线传感器网络可用的前提,针对这一问题,迫切需要设计出能有效检测出网络入侵攻击的入侵检测系统。文章对无线传感网络安全特性进行了深入分析和研究,提出一种基于流量的ARMA预测模型的入侵检测技术。该模型利用传感器节点信息的关系和特点,增加了网络的安全性,使得网络能灵活的适应无线传感器网络拓扑结构的变化。     

无线移动传感器网络自适应体系结构的设计

随着无线网络技术的日益成熟及其对小型、微型移动设备的支持，无线移动传感器网络已经逐渐成为一个研究的热点。主要讨论了为无线移动传感器网络设计的一个自适应的体系结构。在该体系结构中，使用了一个区域和核心路由节点相结合的多层结构的方法来增加无线移动网络的信息传输能力、可扩充性和可靠性，并降低网络的能耗，这样就可以适应无线移动网络的高度动态性和移动性。     

WSN入侵检测系统ARMAN测模型分析研究

无线传感网络(Wireless Sensor Networks,WSN)作为新兴的测控网络技术,是能够自主实现数据采集、融合和传输应用的智能网络应用系统.WSN因其巨大优势和广阔的应用前景引起各界的关注.开放的分布式架构给无线传感器网络的安全带来了很大的挑战.而安全是无线传感器网络可用的前提,针对这一问题,迫切需要设计出能有效检测出网络入侵攻击的入侵检测系统.文章对无线传感网络安全特性进行了深八分析和研究,提出一种基于流量的ARMA预测模型的入侵检测技术.该模型利用传感器节点信息的关系和特点,增加了网络的安全性,使得网络能灵活的适应无线传感器网络拓扑结构的变化.     

分布式入侵检测系统的体系架构

由于 ＴＣＰ／ＩＰ协议的开放性，目前的网络极易受到攻击。网络入侵行为，特别是分布式入侵行为，给网络的正常运行造成了巨大的危害，阻碍了网络经济的迅速发展。为了能有效地检测和跟踪入侵行为，这里提出了一个基于智能代理的入侵检测系统的体系结构和分布跟踪算法。该系统是一个分布式实时入侵检测系统，它由智能的主机代理、网络代理和路由器／网关代理组咸。每个智能代理都是独立的实体，拥有解决问题的不完全的信息或能力，通过协同工作并使用分布跟踪算法，实时检测网络入侵行为，跟踪网络入侵者，有效地维护网络安全。     

基于区分服务的无线传感器网络跨层QoS体系结构

结合无线传感器网络自身特点,提出一种三层可计算QoS指标体系;在此基础上,根据各种应用不同QoS需求将应用分为四类,设计出一种基于区分服务的无线传感器网络跨层QoS体系结构(CQAW),并给出了参考实现框架.     

网络入侵检测系统的实现

论述了入侵检测系统的概念及其产生的背景，将网络入侵检测系统分为2类：一类是基于主机的入侵检测系统(HIDS)，另一类是基于网络的入侵检测系统(NIDS)；分析了现有NIDS的体系结构，着重阐述基于网络入侵检测系统的优势以及现有NIDS的存在问题和可能的解决办法，并针对新一代的入侵检测系统系统提出一些廷议。     

On Survivability of Mobile Cyber Physical Systems with Intrusion Detection

In this paper we address the survivability issue of a mobile cyber physical system (MCPS) comprising sensor-carried human actors, vehicles, or robots assembled together for executing a specific mission in battlefield or emergency response situations. We develop a mathematical model to assess the survivability property of a MCPS subject to energy exhaustion and security failure. Our model-based analysis reveals the optimal design setting for invoking intrusion detection to best balance energy conservation versus intrusion tolerance for achieving high survivability. We test the effectiveness of our approach with a dynamic voting-based intrusion detection technique leveraging sensing and ranging capabilities of mobile nodes in the MCPS and demonstrate its validity with simulation validation.     

Model-Based Evaluation of Distributed Intrusion Detection Protocols for Mobile Group Communication Systems

Under highly security vulnerable, resource-restricted, and dynamically changing mobile ad hoc environments, it is critical to be able to maximize the system lifetime while bounding the communication response time for mission-oriented mobile groups. In this paper, we analyze the tradeoff of security versus performance for distributed intrusion detection protocols employed in mobile group communication systems (GCSs). We investigate a distributed voting-based intrusion detection protocol for GCSs in multi-hop mobile ad hoc networks and examine the effect of intrusion detection on system survivability measured by the mean time to security failure (MTTSF) metric and efficiency measured by the communication cost metric. We identify optimal design settings under which the MTTSF metric can be best traded off for the communication cost metric or vice versa. We conduct extensive simulation to validate analytical results obtained. This work provides a general model-based evaluation framework for developing and analyzing intrusion detection protocols that can dynamically adapt to changing attacker strengths with the goal of system lifetime optimization and/or communication cost minimization.     

移动Agent在DIDS中应用的关键技术

移动代理作为一种先进的软件技术,可有效解决入侵检测系统分布式天然特性所带来的诸多问题。针对目前入侵检测系统的不足,将新型分布式处理技术移动Agent与入侵检测融为一体,提出了一种基于移动代理的分布式入侵检测系统(DIDS)的模型,并深入阐述了在分布式入侵检测系统中应用移动代理技术所需要解决的关键问题。     

基于簇的移动Ad hoc网多层分布式入侵检测

动Ad hoc网络的独特网络特性导致其安全性特别脆弱，所以为其提供高安全的入侵检测系统势在必行。通过考虑在移动Ad hoc网络中入侵检测系统的分布式和协同工作的需要，提出了一种基于簇的多层分布式入侵检测技术，并给出模型。此模型采用统计学方法的异常检测技术结合数据挖据技术和簇技术对入侵进行检测．有效提高了移动Ad hoc网络的安全性和对分布式攻击的协同检测能力，并降低了网络的通信负荷。     

Intrusion Detection Techniques for Mobile Wireless Networks

The rapid proliferation of wireless networks and mobile computing applications has changed the landscape of network security. The traditional way of protecting networks with firewalls and encryption software is no longer sufficient and effective. We need to search for new architecture and mechanisms to protect the wireless networks and mobile computing application. In this paper, we examine the vulnerabilities of wireless networks and argue that we must include intrusion detection in the security architecture for mobile computing environment. We have developed such an architecture and evaluated a key mechanism in this architecture, anomaly detection for mobile ad-hoc network, through simulation experiments.     

IDAMN: an intrusion detection architecture for mobile networks

We present IDAMN (intrusion detection architecture for mobile networks), a distributed system whose main functionality is to track and detect mobile intruders in real time. IDAMN includes two algorithms which model the behavior of users in terms of both telephony activity and migration pattern. The main novelty of our architecture is its ability to perform intrusion detection in the visited location and within the duration of a typical call, as opposed to existing designs that require the reporting of all call data to the home location in order to perform the actual detection. The algorithms and the components of IDAMN have been designed in order to minimize the overhead incurred in the fixed part of the cellular network     

一种高效移动警务终端安全管控平台

安全问题历来是移动警务技术的核心和瓶颈,束缚着移动警务技术的发展。分析了当前移动警务终端面临的主要安全隐患,在有针对性地制定相应对策的基础上,提出了一种高效移动警务终端安全管控平台的解决方案,具体闸述了此平台的实现原理、架构设计、性能优势。对目前移动警务终端安全保障机制的研究,具有一定的借鉴意义。     

IPv6 multihoming support in the mobile internet

Fourth-generation mobile devices incorporate multiple interfaces with diverse access technologies. The current Mobile IPv6 protocol fails to support the enhanced fault tolerance capabilities that are enabled by the availability of multiple interfaces. In particular, established MIPv6 communications cannot be preserved through outages affecting the home address. In this article, we describe an architecture for IPv6 mobile host multihoming that enables transport layer survivability through multiple failure modes. The proposed approach relies on the cooperation between the MIPv6 and the SHIM6 protocols.     

Intrusion detection techniques in mobile ad hoc and wireless sensor networks

Mobile ad hoc networks and wireless sensor networks have promised a wide variety of applications. However, they are often deployed in potentially adverse or even hostile environments. Therefore, they cannot be readily deployed without first addressing security challenges. Intrusion detection systems provide a necessary layer of in-depth protection for wired networks. However, relatively little research has been performed about intrusion detection in the areas of mobile ad hoc networks and wireless sensor networks. In this article, first we briefly introduce mobile ad hoc networks and wireless sensor networks and their security concerns. Then, we focus on their intrusion detection capabilities. Specifically, we present the challenge of constructing intrusion detection systems for mobile ad hoc networks and wireless sensor networks, survey the existing intrusion detection techniques, and indicate important future research directions.     

基于应用的高速网络入侵检测系统研究

传统的网络入侵检测方法基于传输层以下的数据包特性来检测入侵，因此存在一些难以克服的缺点，如易受欺骗（evasion)、误报警（false positive)多、检测效率低等，难以适应高速的网络环境。为了解决这些问题，本文提出将应用协议分析方法应用到网络入侵检测中，实现基于应用的检测，并提出了一个改进的多模式匹配算法，进一步提高检测的效率；同时针对高速网络环境，利用基于数据过滤的压缩技术与负载均衡技术提出了一个新的网络入侵检测系统结构模型，给出了系统的设计与实现方法。实验测试表明系统能够对吉比特以太网进行有效的实时检测。