Research and Design of a Cluster-Based Intrusion Detection System for Mobile Ad Hoc Networks

【Author】 胡波 (Hu Bo)

【Advisor】 黄烟波 (Huang Yanbo)

【Author information】 Central South University, Computer Application Technology, 2007, Master's degree

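【Summary】 With the rapid development of wireless communication technology and the improving performance of mobile terminals, mobile ad hoc networks have come into wide use in military and civilian fields, and the demands on their security and reliability have grown accordingly. Network security in mobile ad hoc networks has therefore become one of the current research hotspots in networking. Mobile ad hoc networks have distinctive characteristics such as an open medium and a highly dynamic topology; in particular, nodes lack physical protection and are easily captured, so attacks arise from inside the network, and traditional schemes such as key establishment and authentication cannot counter such attacks. Intrusion detection, as the second line of defense for mobile ad hoc network security, is therefore a necessary means of achieving high survivability. Whether an intrusion detection system for mobile ad hoc networks can be efficient depends critically on its system architecture. Based on an analysis of the network topology of mobile ad hoc networks, a cluster structure was chosen for the intrusion detection system. To address the shortcomings of existing clustering algorithms for mobile ad hoc networks, an on-demand weighted NTDR (DWNTDR) is proposed, and the clustering algorithms are simulated and compared; the algorithm takes into account multiple factors that affect network performance, such as node degree and speed, and is better suited to intrusion detection systems for mobile ad hoc networks. For an intrusion detection system, its output information is especially important. Therefore, based on the unique characteristics of mobile ad hoc networks and the needs of this intrusion detection system, and with reference to the IDMEF data model, the AdhocIDMEF data model is proposed and designed to suit mobile ad hoc networks and this intrusion detection system. On the basis of a detailed analysis of the security requirements of mobile ad hoc networks, a summary of the current state of research in the field, and the work above, a cluster-based multilayer distributed intrusion detection system for mobile ad hoc networks, CMDIDS-MANETs, is designed. The system can effectively improve the security of mobile ad hoc networks and the utilization of system resources, strengthen collaborative detection of distributed attacks and the intrusion detection rate, and reduce network communication load and the false alarm rate.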

【Abstract】 With the rapid development of wireless communication technology and the improved performance of mobile terminals, Mobile Ad Hoc Networks (MANETs) have been widely used in military and civilian applications, and the requirements for the security and reliability of MANETs have increased steadily. Network security in MANETs has therefore become an active research topic. MANETs have distinctive characteristics such as an open medium and a dynamically changing network topology. In particular, nodes with inadequate physical protection are liable to be captured, so attacks can come from within the network through a compromised node. Traditional security solutions such as key management and authentication cannot counter these attacks, so intrusion detection, as the second line of defense, is a necessary means of achieving high survivability. The system architecture is the key problem for the efficiency of an IDS in MANETs. Based on an analysis of the topological structure of MANETs, we decided to use a clustering structure for the IDS in MANETs. At the same time, to address the problems and shortcomings of existing clustering algorithms, we propose an improved NTDR, on-demand weighted NTDR (DWNTDR). The algorithm takes into account several factors of MANETs, such as node degree and velocity; simulation shows that it adapts better to MANETs with their dynamic topological structure and that it is suitable for IDS in MANETs. The output information of an IDS is very important. Therefore, based on the unique characteristics of MANETs and the requirements of IDS in MANETs, and with reference to the IDMEF data model, we propose and design the AdhocIDMEF data model to fit MANETs and IDS in MANETs. Building on a thorough analysis of the security requirements of MANETs, a summary of research in the field, and the work above, we introduce a cluster-based multilayer distributed intrusion detection system for MANETs (CMDIDS-MANETs). This system can enhance security, the resource utilization ratio, the collaborative detection capability of intrusion detection, and the detection rate, and can also reduce the communication load and the false alarm rate.

【Keywords (from Chinese)】 mobile ad hoc networks; intrusion detection; DWNTDR; Adhoc IDMEF; IDS Agent
【Key words】 MANETs; Intrusion Detection; Clustering; DWNTDR; AdhocIDMEF; IDS Agent
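  • 【Online publication contributor】 Central South University
  • 【Online publication year/issue】 2007, Issue 06
  • 【Classification number】 TP393.08; TN929.5
  • 【Download count】 154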