移动Ad Hoc网络的入侵响应研究

传统网络中的入侵阻止和检测等防护方法在网络结构脆弱、节点移动的移动自组网络中无法达到预期效果。将移动代理引入无线自组网络中,设计分布式入侵检测响应系统,通过多种功能的移动代理实现入侵检测功能,并在入侵检测的基础上利用移动代理跟踪、隔离入侵节点,对入侵节点做出及时响应。实验结果表明此方法节省网络节点资源、避免网络的崩溃且达到主动响应隔离入侵节点的效果,有效地检测并阻止了入侵行为。     

移动ad hoc网络中DOS攻击及其防御机制

移动ad hoc网络由于其动态拓扑、无线信道以及各种资源有限的特点,特别容易遭受拒绝服务(DOS)攻击．提出了移动ad hoc网络中一种新的DOS攻击模型——ad hoc flooding攻击及其防御策略．该攻击主要针对移动ad hoc网络中的按需路由协议,如AODV,DSR等．ad hoc flooding攻击是通过在网络中泛洪发送超量路由查询报文及数据报文,大量地占用网络通信及节点资源,以至于阻塞节点正常的通信．分析ad hoc flooding攻击之后,提出了两种防御策略：其一是邻居阻止,即当入侵者发送大量路由查询报文时,邻居节点降低对其报文的处理优先级,直至不再接收其报文．其二是路径删除,即目标节点将入侵者发送攻击报文的路径删除,以阻止其继续发送攻击报文．模拟实验证实,通过这两种方法的结合．能够有效地阻止网络中的ad hoc flooding攻击行为．     

移动自组网入侵检测综述

移动自组网是由移动节点自组织形成的网络,由于其动态拓扑、无线通信的特点,容易遭受各种安全威胁.移动自组网入侵检测是安全研究中最核心的技术之一.对现有的入侵检测体系结构进行了讨论,同时分析了各自的优点和缺点,接着较详细地介绍了各种检测方法,并进行了综合比较.最后指出移动自组网入侵检测研究今后发展的趋势.     

移动Ad hoc网络路由协议安全研究

移动ad hoc网络是一种完全由移动主机构成的网络,其主要特点为网络拓扑易变,带宽、能源有限。这些特点使得适应于固定网络的安全策略在移动ad hoc网络上不能很好地发挥作用,需要设计一些针对其特点的解决方案.该文介绍了针对移动ad hoc网络路由协议安全方面的最新研究进展,首先介绍了移动ad hoc网络的安全弱点和攻击类型,其后时一些典型方案进行了说明,分析了各种方案的优点和缺点,并进行了综合比较。文中分析了目前协议存在的一些问题并提出了相应的改进方法,最后指出了下一步研究方向。     

基于可生存性的Ad Hoc网络容侵策略

针对Ad Hoc网络可生存性的威胁因素,采用基于本地群的安全复原策略,在邻节点管理机制和本地协同投票机制的基础上提出双层安全实施架构,建立群内移动节点之间安全基础上的群间的安全联动;并以Ad Hoc网络路由协议AODV的内部误用为例,说明安全策略的实施.     

基于模糊行为分析的移动自组网入侵检测

移动自组网络是一种不需要基础设施的网络．在这种网络中,移动节点是自组织的,并且需要互相提供网络路由服务．自组网络非常容易受到攻击,特别是内部攻击．提出了一个基于模糊行为分析的入侵检测方案,以检测网络内部的路由攻击．利用邻接节点监测,通过分析节点路由行为与路由规范的偏差,发现恶意行为．在数据分析的过程中引入了模糊路由行为分析的方法,大大降低了误报率．仿真实验表明,该方案能有效地检测出路由入侵行为,而将误报率控制在一个较低的水平．     

一种多层分类的入侵检测系统

信息安全是全球关注的重要话题。但Internet的复杂性、可访问性和开放性带来了日益增长的严重的信息系统安全的威胁。论文介绍了一种使用支持向量机和神经网络的入侵监测系统。主要思想是发现用以描述用户在系统上行为的模式与特征,用一系列相关的特征建立分类器去进行异常检测,希望能够实时地发现入侵。通过比较基于神经网络和支撑向量机的入侵检测系统,利用两者各自的优势,构造了一种新的入侵检测系统。     

移动Ad hoc网络安全分簇综述

移动Ad hoc网络是由移动节点组成的无线移动通信网络,它具有动态拓扑、无线通信的特点,但又易受到各种安全威胁。规模较大的移动Ad hoc网络可以用分簇的方法来减少路由和控制开销,并提高网络的可扩充性。综合分析了以安全为部分或全部目的的移动Ad hoc网络分簇方法研究的最新进展。首先分析了移动Ad hoc网络的特点、体系结构和面临的安全威胁,然后将较大规模移动Ad hoc网络的安全分簇方法分为3个重要方面:认证模型、信任度量和不良节点发现。对每个方面的一些典型方案进行了分类论述和综合比较。最后指出了下一步研究中应当着重考虑的问题。     

移动Ad hoc网络的密钥管理方案

Ad hoc网络的特性使其安全面临着严峻的挑战。密钥管理是Ad hoc网络安全的关键技术,文章介绍了目前典型的密钥管理方案,并进行了综合比较;最后总结指出了研究方向。     

基于规范的移动Ad Hoc网络分布式入侵检测

移动ad hoc网络是移动节点自组织形成的网络,由于其动态拓扑、无线传输的特点,容易遭受各种网络攻击。传统的网络安全措施,如防火墙、加密、认证等技术,在移动ad hoc网络中难以应用,因此提出一种基于有限状态机分布式合作的入侵检测算法。首先,将整个网络分为子区域,每一区域随机选出簇头担任监视节点,负责本区域的入侵检测。其次,按照DSR路由协议构筑节点正常行为和入侵行为的有限状态机,监视节点收集其邻居节点的行为信息,利用有限状态机分析节点的行为,发现入侵者。本算法不需要事先进行数据训练并能够实时检测入侵行为。最后,通过模拟实验证实了算法的有效性。     

Design and performance evaluation of a multi-agent-based dynamic lifetime security scheme for AODV routing protocol

Ad hoc networks are becoming an important research aspect due to the self-organization network, dynamically changing topology, temporary network life and equal relationship among member of nodes. However, all the characters of ad hoc network make the security problem more serious. Network security and trustworthiness become the key problems of the network. Denial-of-service and Black hole attacks are the two puzzles in the security of ad hoc network. There are not satisfied solutions to solve the problem. A novel multi-agent-based dynamic lifetime intrusion detection and a response scheme are proposed to combat the two types of attacks. Multi-agents are related to one route request (RREQ)–route reply (RREP) stream. One agent monitors the nodes in three-hop zone. Agent can periodically update itself by the trustworthiness of the neighbor nodes. It can efficiently improve trustworthiness, decrease computing complexity and save energy consumption for network securities. Agent security specifications have been extracted from the feature of the attacks. Multi-agents can trace RREQ and RREP messages, stream to aggregate the key information to link list and MAC-IP control table and analyze them by intrusion detection algorithm. Different security metrics are proposed to quantitatively evaluate network security performance under different attacks. Ns2 simulator is expanded to validate the security scheme. Simulation results show that a multi-agent-based dynamic lifetime security scheme is highly effective to detect and block the two kinds of attacks.     

Survey of network coding-aware routing protocols in wireless networks

In recent times, there have been many advances in the field of information theory and wireless ad hoc network technologies. Regarding information theory progression and its connection with wireless ad hoc networks, this study presents fundamental concepts related to the application of the state-of-the-art Network Coding (NC) within wireless ad hoc networks in the context of routing. To begin with, this paper briefly describes opportunistic routing and identifies differentiation between NC-aware and NC-based routing mechanisms in wireless ad hoc networks. However, our main focus is to provide a survey of available NC-aware routing protocols that make forwarding decisions based on the information of available coding opportunities across several routes within wireless ad hoc networks. The taxonomy and characteristics of various representative NC-aware routing protocols will also be discussed. In summary, we provide a comparison of available NC-aware routing schemes and conclude that NC-aware routing techniques have several advantages over traditional routing in terms of high throughput, high reliability, and lower delay in a wireless scenario. To the best of our knowledge, this work is the first that provides comprehensive discussion about NC-aware routing protocols.     

移动自组网基于簇的分布式入侵检测模型

首先结合移动自组织网络的特点和安全现状,分析了入侵检测技术在移动自组网中面临的挑战。接着,提出了改进的基于簇的分布式入侵检测模型,并将该模型与一般的基于簇的入侵检测模型进行对比,然后给出了簇首入侵检测单元的功能模块设计,最后讨论了协作检测的工作机制。     

Identity-based deniable authentication for ad hoc networks

Deniable authentication is an important security requirement for ad hoc networks. However, all known identity-based deniable authentication (IBDA) protocols are lack of formal security proof which is very important for cryptographic protocol design. In this paper, we propose a non-interactive IBDA protocol using bilinear pairings. Our protocol admits formal security proof in the random oracle model under the bilinear Diffie-Hellman assumption. Our protocol is faster than all known IBDA protocols of its type. In addition, our protocol supports batch verification that can speed up the verification of authenticators. This characteristic makes our protocol useful in ad hoc networks.     

分级的Ad Hoc网络入侵检测系统改进

随着无线网络的快速发展和移动计算应用的快速增加,移动无线网络安全问题愈加突出.入侵检测作为保证网络安全的一种有效手段已经从保护固定有线网络扩展到移动无线网络.作为无线移动网络众多实现方式之一的移动Ad Hoc网络分为平面和分级两种结构.由于其与有线网络存在很大差别,现有针对有线网络开发的入侵检测系统很难适用于移动Ad Hoc网络.本文在描述入侵检测相关技术的基础上改进了分级的AdHoc网络入侵检测系统体系结构,并给出了该系统的分簇算法,使之更好地应用于分级的Ad Hoc网络.     

A scalable multimedia QoS architecture for ad hoc networks

Communication demands have grown from separate data and voice to integrated multimedia, paving the way to converging fixed, mobile and IP networks. Supporting Multimedia is a challenging task for wireless ad hoc network designers. Multimedia forms high data rate traffic with stringent Quality of Service (QoS) requirements. Wireless ad hoc networks are characterized by frequent topology changes, unreliable wireless channel, network congestion and resource contention. Providing scalable QoS is the most important challenge for multimedia delivery over ad hoc networks. We introduce here a provisioning and routing architecture for ad hoc networks which scales well while provisioning QoS. The proposed architecture is analysed using a mix of HTTP, voice and video streaming applications over 54 Mbps 802.11 g-based ad hoc networks. The architecture is simulated and compared to well-known routing protocols using the OPNET Modeller. The results show that our architecture scales well with increase in the network size, and outperforms well-known routing protocols.     

基于博弈论的入侵检测与响应优化综述

当前网络规模急剧增加, 各类入侵过程也逐渐向复杂化、多样化的趋势发展。网络攻击带来的损失越来越严重, 针对各类安全事件的检测发现以及查处响应也变得日益困难。为了快速识别各类网络安全事件并做出相应的响应, 入侵检测与响应技术变得越来越重要。入侵检测系统(IDS)能否识别复杂的攻击模式以及分析大量的网络流量主要取决于其精度和配置, 这使得入侵检测与响应的优化问题成为网络与系统安全的重要需求, 并且成为一个活跃的研究主题。现有的研究成果已经提出了很多可以优化入侵检测和响应效率的方法, 其中, 将博弈论应用在入侵检测与响应的研究日益增多。博弈论提供了一种框架去捕获攻击者和防御者的交互, 采用了一种定量的方法评估系统的安全性。本文在分析了入侵检测与响应系统和博弈论的基本原理的基础上, 介绍了当前基于博弈论的入侵检测与响应优化问题的现有解决方案, 并且讨论了这些解决方案的局限性以及给出了未来的研究方向。首先, 详细介绍了入侵检测与博弈论的背景知识, 回顾了常用的入侵检测系统基本原理, 评估方法, 常用的数据集以及经典的安全领域中的博弈论模型。其次, 按照基于博弈论的入侵检测与响应优化问题的类型进行了分类介绍, 根据攻击的先后顺序对网络安全架构优化、 IDS 配置与效率优化、 IDS 的自动化响应优化以及分布式入侵检测架构优化等技术的研究现状进行归纳、分析、总结, 并分析了现有方案的优缺点, 进而分析可能的解决方案。然后针对将博弈论应用于入侵检测与响应中面临的挑战进行了分析与讨论。最后展望了未来的研究方向以及发展趋势。     

具有预警功能的网络监管体系结构研究

The architecture of network monitoring administration with precaution is presented. Related technologies and approaches to realize the architecture are analyzed and provided. The architecture consists of a precaution subsystem and a monitoring administration subsystem. With building an adaptive abnormal detection model and taking abnormal assessment approach, the precaution subsystem can forewarn the intrusion attempts and send the precaution information to the monitoring administration subsystem in real time. Then the monitoring administration subsystem can take some countermeasures in advance. Moreover, based on intrusion tolerance technology, the monitoring administration subsystem can reconfigure the resources and the security policies when facing active intrusions, so as to provide the expected users with timely services and ensure the security of the protected services as well.     

基于入侵容忍的分布式数据库安全体系结构

分析了分布式数据库系统的结构及其面临的安全问题,提出了一种基于容侵技术的分布式数据库体系结构。从事务处理的角度出发,结合入侵检测和容侵技术,对被攻击的部分进行定位和修复,为合法用户提供不间断的服务。采用门限秘密共享技术,实现关键数据的机密性。     

无线自组织网中的入侵检测技术

主要对无线自组织网络中的入侵检测技术做一综述,并介绍了多种不同的适用无线自组织网络的入侵检测技术,最后为无线自组织网络提出一种混合式的入侵检测系统模型,对无线自组网入侵检测技术研究有所帮助。