本文提出了一种基于定时自动机的分布式入侵检测方法,适用于移动自组网(MANET)。由于MANET的开放性、动态拓扑和缺乏集中监控,其易受攻击。该方案采用聚类检测策略,周期性选择监控节点来本地检测并协同进行全局入侵检测。通过手动抽象DSR路由协议的正确行为构建定时自动机,监控节点能够验证所有节点的行为,实时检测攻击,而无需签名或训练数据。相较于每个节点独立的IDS代理,此方法在保持同等检测效果的同时提高了效率。最后,通过仿真实验评估了该入侵检测方法的有效性。
摘要:
Mobile ad hoc networking (MANET) has become an exciting and important technology in recent years, because of the rapid proliferation of wireless devices. Mobile ad hoc networks is highly vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, and lack of centralized monitoring and management point. The traditional way of protecting networks with firewalls and encryption software is no longer sufficient and effective for those features. A distributed intrusion detection approach based on timed automata is given. A cluster-based detection scheme is presented, where periodically a node is elected as the monitor node for a cluster. These monitor nodes can not only make local intrusion detection decisions, but also cooperatively take part in global intrusion detection. And then the timed automata is constructed by the way of manually abstracting the correct behaviours of the node according to the routing protocol of dynamic source routing (DSR). The monitor nodes can verify the behaviour of every nodes by timed automata, and validly detect real-time attacks without signatures of intrusion or trained data. Compared with the architecture where each node is its own IDS agent, the approach is much more efficient while maintaining the same level of effectiveness. Finally, the intrusion detection method is evaluated through simulation experiments.
展开
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
