The Research of Intrusion Detection System Based on Wireless Network

【Author】 Zhang Xuan

【Advisor】 Zhao Yuesong

【Author information】 Wuhan University of Technology, Computer Application Technology, 2006, Master's

【Abstract】 Network technology has developed rapidly in recent years and is no longer confined to wired architectures. In an age that prizes freedom, wireless networks have naturally become a focus of attention. Wireless networks are convenient and fast, and the release of Intel's Centrino technology has helped the "wireless, limitless" concept take hold. At the same time, the arrival of wireless networks has brought new security problems to the IT industry, because many traditional security measures are ill-suited to WLANs. For example, it is difficult to control user access to a wireless network with perimeter defenses such as firewalls and proxy servers. A wireless access point is open to all internal users, so intruders and untrusted users can easily enter the wireless network and access its resources. As attackers' skills keep improving and the scale of attacks keeps growing, information security has become a key issue for information systems.

The main functions of an ideal intrusion detection system are: monitoring and analyzing user and system behavior, auditing system configuration and vulnerabilities, assessing the integrity of sensitive systems and data, recognizing attack behavior, compiling statistics on anomalous behavior, automatically collecting patches relevant to the system, keeping an audit trail to identify behavior that violates security policy, and logging intrusions. Existing intrusion detection techniques, however, cannot be applied effectively to wireless networks. At present, most WLAN intrusion detection is still experimental. For example, the open-source intrusion detection system Snort has released a test version, Snort-wireless, which adds Wi-Fi protocol fields and option keywords and detects intrusions by rule matching. Its APs are configured manually by the administrator, so it identifies fake APs well, but it must be reconfigured whenever APs are added. Because its rule files contain no effective rule definitions, its detection capability is limited, and it cannot reliably detect MAC address spoofing or flooding denial-of-service attacks.

This thesis first introduces the concept and classification of wireless networks, compares their security with that of wired networks, and summarizes the security risks of wireless networks. It then studies wireless LAN protocols, focusing on IEEE802.11b, IEEE802.11i and China's WAPI protocol, and compares their strengths and weaknesses. Next it introduces the concept and classification of intrusion detection and briefly describes several intelligent intrusion detection methods, including neural networks and distributed processing. It goes on to study the basic theory of wireless intrusion detection, including its concepts and architecture, and then designs several key modules of a wireless intrusion detection system, mainly the data collection module, protocol decoding module, preprocessing module, detection and analysis module, and rule parsing module. Finally, based on the direction in which computer and wireless network technology are developing, it discusses the outlook for wireless intrusion detection.

  • 【Classification number】 TP393.08
  • 【Times cited】 5
  • 【Downloads】 501