
Wireless LAN Intrusion Defense and Response System

【Author】 易珺

【Advisor】 吴世忠

【Author information】 Huazhong University of Science and Technology, Computer System Architecture, 2006, Master's degree

【Abstract】 Wireless LANs (WLANs) using the IEEE 802.11 protocols are now widely deployed commercially. However, because wireless networks are inherently open and the 802.11 protocols themselves have deficiencies, WLAN security has been under constant threat from many kinds of intrusion, and this has significantly affected the technology's development. At first, WLANs faced only basic threats: unauthorized users accessing network resources, network misconfigurations such as the installation of rogue access points, and illegal sniffing or eavesdropping via promiscuous mode. Now more advanced active attacks, such as MAC address spoofing, man-in-the-middle attacks and denial-of-service (DoS) attacks, are more prevalent. Because most WLANs extend their connectivity to a wired network, a WLAN in many cases also becomes the starting point for intrusion into the wired LAN. To address these security problems, a design for a WLAN intrusion defense and response system is proposed. The system consists of a single control center and several agent nodes that together form an access network deployed between the WLAN and the existing network. Each agent node not only serves as the entry point through which access points (APs) connect to the access network, but also detects intrusion activity in the WLAN and promptly notifies the control center. The control center monitors the security of the whole wireless network in real time, makes a further judgment on the suspicious activity reported by the agent nodes to determine its nature, and directs the agent nodes to respond appropriately to the intrusion. The system judges whether a wireless station is behaving normally from the relationship between the station's access state and the MAC frames it sends, which allows it to discover unauthenticated stations, and it analyzes captured wireless traffic for intrusion activity. In addition, it can detect some WLAN discovery tools running in the network by analyzing the characteristics of their communication. Test results show that the system detects WLAN intrusion activity effectively and improves WLAN security to some extent.

  • 【Classification number】 TN925.93
  • 【Times cited】 3
  • 【Downloads】 194