无线Ad—Hoc网络中的入侵检测

随着Internet网络的发展，恶意用户对一些大型的Internet站点进行毁灭性的攻击，于是在有线网络中出现了入侵检测相关技术的研究。无线Ad-Hoc网络可以在任意时间，任意地点访问IP网络，由于其具有开放性、拓扑结构动态改变及缺乏中心检测/管理点和中心的防御能力等特点，它更加容易受到毁灭性的攻击。可是有线网络的入侵检测技术在Ad-Hoc网中无法充分地发挥作用，给出了针对Ad-Hoc网络的冲突检测和响应结构。     

一种检测被捕获节点的基于异常的算法研究

无线传感器网络在许多应用场合里需要采集较敏感的数据,因此安全问题至关重要。一旦传感器节点被捕获,且没有采取相应措施,节点的密钥信息易被泄露,攻击者完全可伪装成这些节点,向网络任意注入错误的信息,由此导致网络的安全性能急剧下降。提出了针对被捕获节点的一种基于异常的入侵检测算法,能有效识别无线传感器网络的被捕获节点。算法对传感器节点间关系进行抽象,采用传感器网络的事件驱动特性来确定某节点在固定时间间隔内是否在发生数据包,基站通过检测可疑节点的数据包发送时间的差异来加以确认。算法不依赖于任何被捕获节点如何行动和密谋的假设,能识别出偏离正常行为值的最大多数被捕获节点,而不会出现"假肯定"。     

基于移动代理WSN分布入侵检测研究

针对聚类无线传感器网络安全的问题,将移动代理技术与分布式入侵检测技术相结合,提出了一种基于移动代理的无线传感器网络分布式入侵检测方案,采用了多个代理模块进行分布式协作,运用一种基于聚类的分布式入侵检测算法,从节点上收集和处理数据,减少网络负载、促进效率平衡,能够满足WSNs的要求和限制。从而达到提高无线传感器网络的安全性、可靠性,降低入侵检测能量消耗的目的。     

基于遗传神经网络的入侵检测方法研究

首先介绍了人工神经网络和遗传算法的基本原理，进行分析后将这两种方法相结合提出一种GABP遗传神经网络算法及其实现过程，并将其应用于入侵检测中，和传统的BP神经网络相比具有较好的效果。     

入侵检测技术趋势

描述了遗传算法．统计模型、神经网络、人工免疫系统等入侵检测技术趋势，并指出入侵检测系统的不足。将防火墙、密罐和漏洞扫描与入侵检测系统相结合，以进一步提高入侵检测系统的性能     

利用有限状态机的无线网状网的入侵检测

Wireless Mesh Networks is vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, lack of centralized monitoring and management point. The raditional way of protecting networks with firewalls and encryption software is no longer sufficient and effective for those features. In this paper, we propose a distributed intrusion detection approach based on timed automata. A cluster-based detection scheme is presented, where periodically a node is elected as the monitor node for a cluster. These monitor nodes can not only make local intrusion detection decisions, but also cooperatively take part in global intrusion detection. And then we construct the Finite State Machine (FSM) by the way of manually abstracting the correct behaviors of the node according to the routing protocol of Dynamic Source Routing (DSR). The monitor nodes can verify every node's behavior by the Finite State Machine (FSM), and validly detect real-time attacks without signatures of intrusion or trained data. Compared with the architecture where each node is its own IDS agent, our approach is much more efficient while maintaining the same level of effectiveness. Finally, we evaluate the intrusion detection method through simulation experiments.     

基于局部联系的无线传感网络异常入侵检测

提出一种局部联系对比搜索算法.通过把节点刷新定位过程,与其相邻的小范围分布网络的均值特征节点做比较,利用局部无线网络节点最优信息,检测异常入侵节点信息,避免了传统集中式方法对全部节点搜索的耗时.实验证明,这种局部联系对比定位算法能够有效利用网络信息,对异常节点实现准确入侵检测,缩短了检测时间.     

网络入侵检测技术研究

对入侵检测作较全面的综述性介绍，首先从入侵、入侵检测的概念出发，接着介绍入侵检测的分类和入侵检测系统的模型，最入对入侵检测的各种方法进行简要分析。     

基于移动代理的入侵检测系统

移动代理应用到入侵检测系统中,很好的解决了系统中的诸多问题。文中提出了设计一种基于移动代理的入侵检测系统的基本思路和在实现中出现的问题,给出了一个具体的设计模型,并对其安全性进行分析。     

移动代理技术在分布式入侵检测系统中的应用

基于移动代理的入侵检测技术是近几年发展起来的一种新技术。主要介绍了基于移动代理技术的入侵检测系统模型的历史、概念、特点并介绍了一种Spara的模型。     

Associativity-Based Routing for Ad Hoc Mobile Networks

This paper presents a new, simple and bandwidth-efficient distributed routing protocol to support mobile computing in a conference size ad-hoc mobile network environment. Unlike the conventional approaches such as link-state and distance-vector distributed routing algorithms, our protocol does not attempt to consistently maintain routing information in every node. In an ad-hoc mobile network where mobile hosts (MHs) are acting as routers and where routes are made inconsistent by MHs' movement, we employ an associativity-based routing scheme where a route is selected based on nodes having associativity states that imply periods of stability. In this manner, the routes selected are likely to be long-lived and hence there is no need to restart frequently, resulting in higher attainable throughput. Route requests are broadcast on a per need basis. The association property also allows the integration of ad-hoc routing into a BS-oriented Wireless LAN (WLAN) environment, providing the fault tolerance in times of base stations (BSs) failures. To discover shorter routes and to shorten the route recovery time when the association property is violated, the localised-query and quick-abort mechanisms are respectively incorporated into the protocol. To further increase cell capacity and lower transmission power requirements, a dynamic cell size adjustment scheme is introduced. The protocol is free from loops, deadlock and packet duplicates and has scalable memory requirements. Simulation results obtained reveal that shorter and better routes can be discovered during route re-constructions.     

RPSF: A Routing Protocol with Selective Forwarding for Mobile Ad-Hoc Networks

Many existing reactive routing algorithms for mobile ad-hoc networks use a simple broadcasting mechanism for route discovery which can lead to a high redundancy of route-request messages, contention, and collision. Position-based routing algorithms address this problem but require every node to know the position and velocity of every other node at some point in time so that route requests can be propagated towards the destination without flooding the entire network. In a general ad-hoc network, each node maintaining the position information of every other node is expensive or impossible. In this paper, we propose a routing algorithm that addresses these drawbacks. Our algorithm, based on one-hop neighborhood information, allows each node to select a subset of its neighbors to forward route requests. This algorithm greatly reduces the number of route-request packets transmitted in the route-discovery process. We compare the performance of our algorithm with the well known Ad-hoc On-demand Distance Vector (AODV) routing algorithm. On average, our algorithm needs less than 12.6% of the routing-control packets needed by AODV. Simulation results also show that our algorithm has a higher packet-delivery ratio and lower average end-to-end delay than AODV.     

基于聚类的Adhoc网络入侵检测研究

由于Adhoc网络的独特网络特性,其安全性特别脆弱。在分析了Adhoc网络安全性的基础上,提出了一种聚类算法和人工免疫系统相结合来进行入侵检测的方法。该算法是一种无监督异常检测算法,它具有可扩展性、对输入数据集的顺序不敏感等特性,有处理不同类型数据和噪声数据的能力。实验表明,该算法可以改进Adhoc网络入侵检测的检测率和误检率。     

基于移动代理的入侵检测系统模型研究

分析了移动代理技术具有的智能、平台无关、分布灵活、低数据流量和多代理合作等特点,探讨了移动代理技术应用于入侵检测系统中的优势．在系统设计中利用了移动代理的自主性和移动性弥补了入侵检测系统的缺陷、考虑到移动代理的安全性,提出了一个相关的安全性系统模型、     

Ad Hoc网络的入侵检测技术研究

Ad Hoc网络是一种没有固定基础设施、网络拓扑不断变化的新型网络,固有的脆弱性使它容易受到攻击,给Ad Hoc的入侵检测带来更多挑战.文中介绍了入侵检测技术及其分类,并根据Ad Hoc网络自身的特性,总结了已有的适于Ad Hoc网络的新型的入侵检测技术及其特性.最后,提出一种基于簇的分布式入侵检测技术,对其关键技术和工作机制进行分析和阐述.     

无线传感器网络入侵检测系统

无线传感器网络与传统网络存在较大差异,传统入侵检测技术不能有效地应用于无线传感器网络。文中分析了无线传感器网络面临的安全威胁;总结了现有的无线传感器网络入侵检测方案;在综合现有无线传感器网络入侵检测方法的基础上,提出了一种分等级的入侵检测系统,该入侵检测体系结构通过减少错报能检测到大多数的安全威胁。     

Integrated Routing and Storage for Messaging Applications in Mobile Ad Hoc Networks

This paper is motivated by the observation that traditional ad hoc routing protocols are not an adequate solution for messaging applications (e.g., e-mail) in mobile ad hoc networks. Routing in ad hoc mobile networks is challenging mainly because of node mobility – the more rapid the rate of movement, the greater the fraction of bad routes and undelivered messages. For applications that can tolerate delays beyond conventional forwarding delays, we advocate a relay-based approach to be used in conjunction with traditional ad hoc routing protocols. This approach takes advantage of node mobility to disseminate messages to mobile nodes. The result is the Mobile Relay Protocol (MRP), which integrates message routing and storage in the network; the basic idea is that if a route to a destination is unavailable, a node performs a controlled local broadcast (a relay) to its immediate neighbors. In a network with sufficient mobility – precisely the situation when conventional routes are likely to be non-existent or broken – it is quite likely that one of the relay nodes to which the packet has been relayed will encounter a node that has a valid, short (conventional) route to the eventual destination, thereby increasing the likelihood that the message will be successfully delivered. Our simulation results under a variety of node movement models demonstrate that this idea can work well for applications that prefer reliability over latency.     

基于信誉度的移动自组网入侵检测分簇算法

针对已有基于路由的分簇算法,不适用于移动自组网入侵检测的特性要求,文中提出了一种基于信誉度的入侵检测分簇算法(CIDS).该算法从簇结构安全、稳定的角度出发,采用信誉度的概念对网络节点属性进行数学抽象,定义了节点信誉度的数学表达式,选择综合信誉度高的节点收集网络教据、检测网络行为.为移动自组网入侵检测系统提供了稳定、安全的支持.     

无线网格网络中基于非完全信息博弈的入侵检测模型

Wireless Mesh Networks (WMNs ) have many applications in homes, schools, enterprises, and public places because of their useful characteristics, such as high bandwidth, high speed, and wide coverage. However, the security of wireless mesh networks is a precondition for practical use. Intrusion detection is pivotal for increasing network security. Considering the energy limitations in wireless mesh networks, we adopt two types of nodes: Heavy Intrusion Detection Node (HIDN) and Light Intrusion Detection Node (LIDN). To conserve energy, the LIDN detects abnormal behavior according to probability, while the HIDN, which has sufficient energy, is always operational. In practice, it is very difficult to acquire accurate information regarding attackers. We propose an intrusion detection model based on the incomplete information game (ID-IIG). The ID-IIG utilizes the Harsanyi transformation and Bayesian Nash equilibrium to select the best strategies of defenders, although the exact attack probability is unknown. Thus, it can effectively direct the deployment of defenders. Through experiments, we analyze the performance of ID-IIG and verify the existence and attainability of the Bayesian Nash equilibrium.     

特征检测与异常检测相结合的入侵检测模型

介绍了入侵检测技术的基本概念,讨论了几种常见的入侵检测技术,提出特征检测和入侵检测相结合的一种检测技术,建立了模型并分析了实验结果,发现其检测性能更好。