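Specification-based Distributed Intrusion Detection for Mobile Ad Hoc Networks
Cite this article: WANG Fang, YI Ping, WU Yue, WANG Zhi-yang. Specification-based Distributed Intrusion Detection for Mobile Ad Hoc Networks[J]. Computer Science, 2010, 37(10): 118-122.
Authors: WANG Fang  YI Ping  WU Yue  WANG Zhi-yang
Affiliations: 1. School of Computer Science and Engineering, Jiangsu University of Science and Technology, Zhenjiang 212003
2. School of Information Security Engineering, Shanghai Jiao Tong University; Engineering Research Center of Network Information Security, Ministry of Education, Shanghai 200030
Funding: This work was supported by the Key Program of the National Natural Science Foundation of China (60932003), the National High Technology Research and Development Program of China (863 Program) (2007AA01Z452), the Shanghai Natural Science Foundation (09ZR1414900), and the National Undergraduate Innovation Program (091024812).
Abstract: A mobile ad hoc network is a network self-organized by mobile nodes. Because of its dynamic topology and wireless transmission, it is vulnerable to a variety of network attacks. Traditional network security measures such as firewalls, encryption and authentication are difficult to apply in mobile ad hoc networks, so an intrusion detection algorithm based on distributed cooperation with finite state machines is proposed. First, the whole network is divided into sub-regions, and in each region a cluster head is randomly selected to serve as the monitor node, responsible for intrusion detection in that region. Second, finite state machines of normal node behaviour and intrusion behaviour are constructed according to the DSR routing protocol; the monitor node collects behaviour information from its neighbour nodes and uses the finite state machines to analyse node behaviour and identify intruders. The algorithm requires no prior data training and can detect intrusions in real time. Finally, simulation experiments confirm the effectiveness of the algorithm.

Keywords: mobile ad hoc network, routing protocol, network security, intrusion detection, finite state machine
Received: 2009/11/30 0:00:00
Revised: 2/1/2010 12:00:00 AM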

Specification-based Distributed Detection for Mobile Ad Hoc Networks
WANG Fang, YI Ping, WU Yue, WANG Zhi-yang. Specification-based Distributed Detection for Mobile Ad Hoc Networks[J]. Computer Science, 2010, 37(10): 118-122.
Authors:WANG Fang  YI Ping  WU Yue  WANG Zhi-yang
Affiliation: (School of Computer Science and Engineering, Jiangsu University of Science and Technology, Zhenjiang 212003, China) (Network Information Security Research Center of the Ministry of Education, School of Information Security Engineering, Shanghai Jiaotong University, Shanghai 200030, China)
Abstract: Mobile ad hoc networks are highly vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, and lack of a centralized monitoring and management point. Because of those features, the traditional way of protecting networks with firewalls and encryption software is no longer sufficient or effective. We proposed a distributed intrusion detection approach based on a finite state machine (FSM). A cluster-based detection scheme was presented, where periodically a node is elected as the monitor node for a cluster. These monitor nodes can not only make local intrusion detection decisions, but also cooperatively take part in global intrusion detection. We then constructed the finite state machine (FSM) by manually abstracting the correct behaviours of a node according to the Dynamic Source Routing (DSR) routing protocol. The monitor nodes can verify every node's behaviour against the FSM, and validly detect attacks in real time without intrusion signatures or trained data. Compared with the architecture where each node is its own IDS agent, our approach is much more efficient while maintaining the same level of effectiveness. Finally, we evaluated the intrusion detection method through simulation experiments.
Keywords:Mobile ad hoc networks  Routing protocol  Network security  Intrusion detection  Finite state machine
This article is indexed by Wanfang Data and other databases.