Ad Hoc网络入侵检测系统研究
|
摘要
Ad Hoc网络又称为移动无线自组网,是一种拓扑结构动态变化、多跳、无基础设施的无线网络。它既不依赖于任何固定的基站,也不需要集中的管理,而是通过移动节点间的相互协作、自我组织,来实现网络连接和数据传递。Ad Hoc网络其建网方式灵活、配置快捷方便、构造成本较低等优势,使得它从军事领域逐渐推广于商业和民用环境。
由于它在各个领域中的应用越来越广泛,对Ad Hoc网络的研究逐渐成为了一个热点问题。移动Ad Hoc网络由于其没有固定基础设施、拓扑频繁动态变化、无线信道完全开放、节点的恶意行为难以检测、网络缺乏自稳定性的特点,特别容易受到各种攻击,它比传统的无线网络面临更多的安全威胁,同时也更难建立有效的防御措施。入侵检测作为保障Ad Hoc网络安全的第二道防线,有着十分重要的作用。
本文对Ad Hoc网络安全和攻击方式进行分析,将攻击分为路由逻辑和流量模式两大类。路由逻辑类攻击可以通过安全路由协议来防范,保证路由信息的安全性和可靠性。针对流量模式类攻击,本文提出一种基于数据链路监视的攻击检测机制。数据传输链路上的节点在获得可靠路由信息基础上,互相监视上下游节点的行为,从而保证数据传输链路的安全,理论分析和仿真结果验证了这种机制的有效性。
Ad Hoc network , which is also called MANET (Mobile Ad hoc NETwork), is a collection of wireless computers, communicating among themselves over possible multi-hop paths, without the help of any infrastructure, such as base stations or access points. Nodes in mobile Ad Hoc network collaboratively contribute to routing functionality by forwarding packets for each other to allow nodes to communicate beyond direct wireless transmission range, hence practically all nodes may act as both hosts and routers. Mobile Ad Hoc networks require no centralized administration or fixed network infrastructure and can be quickly and inexpensively set up as needed.
With the rapid proliferation of Ad Hoc network in many areas, the Ad Hoc network has become an exciting and important technology in recent years. The features of the Ad Hoc network include infrastructureless, multi-hop, mobility and so on, which makes it very vulnerable to an adversary's malicious attacks and more difficult to prevent the intrusions than in traditional wired network. Therefore, intrusion detection which presents a second wall of defense is a necessity in any high-survivability network.
In the thesis, the attack behaviors are divided into two kinds, including route logic compromise and traffic pattern distortion after the analysis on them. Route logic compromise can be prevented and detected by secure routing protocols to ensure the route information safety and reliability. The thesis presents an attack detection policy based on data link monitoring with the support of secure routing protocol, which aims at traffic pattern distortion. The nodes on data link monitor the behaviors of the previous and next nodes to assure the security of data link on a base of trustworthy routing information. Analysis and simulation results show that the policy is efficient.
由于它在各个领域中的应用越来越广泛,对Ad Hoc网络的研究逐渐成为了一个热点问题。移动Ad Hoc网络由于其没有固定基础设施、拓扑频繁动态变化、无线信道完全开放、节点的恶意行为难以检测、网络缺乏自稳定性的特点,特别容易受到各种攻击,它比传统的无线网络面临更多的安全威胁,同时也更难建立有效的防御措施。入侵检测作为保障Ad Hoc网络安全的第二道防线,有着十分重要的作用。
本文对Ad Hoc网络安全和攻击方式进行分析,将攻击分为路由逻辑和流量模式两大类。路由逻辑类攻击可以通过安全路由协议来防范,保证路由信息的安全性和可靠性。针对流量模式类攻击,本文提出一种基于数据链路监视的攻击检测机制。数据传输链路上的节点在获得可靠路由信息基础上,互相监视上下游节点的行为,从而保证数据传输链路的安全,理论分析和仿真结果验证了这种机制的有效性。
Ad Hoc network , which is also called MANET (Mobile Ad hoc NETwork), is a collection of wireless computers, communicating among themselves over possible multi-hop paths, without the help of any infrastructure, such as base stations or access points. Nodes in mobile Ad Hoc network collaboratively contribute to routing functionality by forwarding packets for each other to allow nodes to communicate beyond direct wireless transmission range, hence practically all nodes may act as both hosts and routers. Mobile Ad Hoc networks require no centralized administration or fixed network infrastructure and can be quickly and inexpensively set up as needed.
With the rapid proliferation of Ad Hoc network in many areas, the Ad Hoc network has become an exciting and important technology in recent years. The features of the Ad Hoc network include infrastructureless, multi-hop, mobility and so on, which makes it very vulnerable to an adversary's malicious attacks and more difficult to prevent the intrusions than in traditional wired network. Therefore, intrusion detection which presents a second wall of defense is a necessity in any high-survivability network.
In the thesis, the attack behaviors are divided into two kinds, including route logic compromise and traffic pattern distortion after the analysis on them. Route logic compromise can be prevented and detected by secure routing protocols to ensure the route information safety and reliability. The thesis presents an attack detection policy based on data link monitoring with the support of secure routing protocol, which aims at traffic pattern distortion. The nodes on data link monitor the behaviors of the previous and next nodes to assure the security of data link on a base of trustworthy routing information. Analysis and simulation results show that the policy is efficient.
引文
[1] Perkins C. Highly Dynamic Destination-Sequenced Distance-Vector routing (DSDV) for Mobile Computers [C]. Proceedings of SIG-COMM, 1994
[2] Murthy S, etc. An Efficient Routing Protocol for Wireless Networks [J]. Mobile Networks and Applications, 1996, 1(2) pp183-197
[3] Perkins C E, Royer E M. Ad hoc On-demand Distance Vector Routing [J]. IEEE Workshop on Mobile Computing Systems and Applications, 1999,(2) pp90-100
[4] Johnson D B. Routing in Ad hoc Networks of MobileHosts [C]. Proceedings of the IEEE Workshop on Mobile Computing Systems and Apphcations, 1994, (12) pp158-163
[5] Sarmenta Luis F G. Sabotage-tolerance Mechanism for Volunteer Computing Systems [J]. Future Generation Computer Systems, 2002, 18(4) pp561-572.
[6] Yongguang Zhang, Wenke Lee, Yi-an Huang.Intrusion Detection Techniques for Mobile Wireless Networks. Wireless Networks. 2003, 9(5) pp545-556.
[7] L Zhou, Z J Haas.Security Ad hoc Networks [J]. IEEE Network Magazine, 1999, 13(6) pp24-30.
[8] S Ghazizadeh,U llghamic,E Sirin.Security-aware Adaptive Dynamic Source Routing Protocol[C].Proceedings of the 27th Annual IEEE Conference on Local Computer Networks,2002 pp221-230.
[9] Y C Hu, etc.SEAD: Secure Efficient Distance Vector Routing for Mobile Wireless Ad hoc Networks[C]. Proceedings of the 4th IEEE Work-group on Mobile Computing Systems and Applications, 2002
[10] Y C Hu, etc.Ariadne: A Secure On-demand Routing Protocol for Ad hoc Networks[C]. Proceedings of the 8th ACM International Conference on Mobile Computing and Networking, 2002 pp12-23.
[11] Perrig A, etc. Efficient Authentication and Signature of Mulficast Streams over LossyChannels[C]. Proceedings of the IEEE Symposium on Security and Privacy,2000 pp56-73.
[12] B Dahill,B Levine,etc. A Secure Routing Protocol for Ad hoc Networks[C]. Proceedings of the 10th IEEE International Conference on Networks Protocols,2002 pp1-l0.
[13] P Padimitrators, Z Haas. Secure Routing for Mobile Ad hoc Networks[C]. SCS Communication Networks and Distributed Systems Modeling and Simulation Conference,2002 pp27-31.
[14] M G Zapata,N Asokan.Securing Ad hoc Routing Protocols[C]. Proceedings of ACM Workshop on Wireless Security, 2002 pp1-l0.
[15] A Perrig, etc.SP1NS: Securing Protocols for Sensor Networks [J].Wireless Networks, 2002, (8) pp521-534.
[16] J P Hubaux, etc. The Quest for Securing in Mobile Ad hoc Networks [J]. ACM Mobihoc, 2001 pp146-155.
[17] A Khalili,J Katz,etc.Toward Secure Key Distribution in Truly Ad hoc Networks[C]. Proceedings of the 2003 Symposium on Apphcation and the Internet Workshops,2003 pp1-5.
[18] Chlamtac I, Conti M, Liu J J N. Mobile Ad hoc Networking: Imperatives and Challenges[J]. Ad hoc Networks, 2003, 1(1) ppl3-64.
[19] S Marti, etc. Mitigating Routing Misheavour in Mobile Ad hoc Networks[C]. Proceedings of the 6th Annual ACM/IEEE International Conference on Mobile Computing and Networking, 2000 pp255-265.
[20] Y Zhang, W Lee.Intrusion detection in wireless ad hoc networks.Proc. Of the 6th annual Intl. conf. on Mobile computing and networking, MOBICOM’2000, ACM Press New York, USA, 2000 pp275-283.
[21] Albers P,Camp O,Percher J-M, etc.Security in Ad Hoc Networks:a General Intrusion Detection Architecture Enhancing Trust Based Approaches. The 1st Intl.Workshop on Wireless Information Systems, Proceedings of the 4th International Conf. on Enterprise Information Systems,2002.
[22] Oleg K,Guha R.Effective Intrusion Detection Using Multiple Sensors in Wireless Ad Hoc Networks[C].Proceedings of the 36th Hawaii International Conference on System Sciences,2002.
[23] Yi-an Huang, W Lee.A Cooperative Intrusion Detection System for Ad Hoc Networks[C].Proceedings of the ACM Workshop on Security of Ad Hoc and Sensor Networks,2003.
[24] Krishna P,Vaidya N H,Chatterjee M, etc. A cluster-based approach for routing in dynamic networks. ACM SIGCOMM Computer Communication Review,1997,17(8) pp1415-1425.
[25] B K Sun, W U Pooch. Routing Anomaly Detection in Mobile ad hoc Networks[C]. Proceedings of the 12th International Conference on Computer Communications and Networks, 2003 pp20-23.
[26] 易平,蒋嶷川,张世永,等.移动Ad Hoc网络安全综述[J].电子学报,2005,33(5) pp893-899.
[27] Yi Li,June Wei.Guidelines on Selecting Intrusion Detection Methods in MANET[C]. Proceedings of ISECON.2004 pp1022—1039.
[28] Tseng Chin-Yang.A Specification-based Intrusion Detection System for AODV[C]. Proceedings of the ACM Workshop on Security of Ad Hoc and Sensor Networks.2003.
[29] Guha R,Kachirski O,Schwatz D G.Case-based Agents for Packet-level Intrusion Detection in Ad Hoc Networks[C].Proceedings of the 17th International Symposium on Computer and Information Sciences.2002.
[30] Y Huang, W Fan , W Lee ,etc.Cross-feature Analysis for Detecting Ad-hoc Routing Anomalies[C].Proceedings of the 23th International Conference on Distributed Computing Systems,2003 pp478-487.
[31] Albers P,Camp O,Percher J-M, etc.Security in Ad Hoc Networks:a General Intrusion Detection Architecture Enhancing Trust Based Approaches.In:The 1st Intl.Workshop on Wireless Information Systems, Proceedings of the 4th International Conf. on Enterprise Information Systems,2002.
[32] Puttini R, Percher J-M, etc. A Modular Architecture for Distributed IDS in MANET. Computational Science and Its Applications – ICCSA 2003,2003 pp984.
[33] 殷智胜,陈秀真,陈晓桦.基于数据链路监视的Adhoc网络攻击检测机制.计算机工程,2008,20.
[2] Murthy S, etc. An Efficient Routing Protocol for Wireless Networks [J]. Mobile Networks and Applications, 1996, 1(2) pp183-197
[3] Perkins C E, Royer E M. Ad hoc On-demand Distance Vector Routing [J]. IEEE Workshop on Mobile Computing Systems and Applications, 1999,(2) pp90-100
[4] Johnson D B. Routing in Ad hoc Networks of MobileHosts [C]. Proceedings of the IEEE Workshop on Mobile Computing Systems and Apphcations, 1994, (12) pp158-163
[5] Sarmenta Luis F G. Sabotage-tolerance Mechanism for Volunteer Computing Systems [J]. Future Generation Computer Systems, 2002, 18(4) pp561-572.
[6] Yongguang Zhang, Wenke Lee, Yi-an Huang.Intrusion Detection Techniques for Mobile Wireless Networks. Wireless Networks. 2003, 9(5) pp545-556.
[7] L Zhou, Z J Haas.Security Ad hoc Networks [J]. IEEE Network Magazine, 1999, 13(6) pp24-30.
[8] S Ghazizadeh,U llghamic,E Sirin.Security-aware Adaptive Dynamic Source Routing Protocol[C].Proceedings of the 27th Annual IEEE Conference on Local Computer Networks,2002 pp221-230.
[9] Y C Hu, etc.SEAD: Secure Efficient Distance Vector Routing for Mobile Wireless Ad hoc Networks[C]. Proceedings of the 4th IEEE Work-group on Mobile Computing Systems and Applications, 2002
[10] Y C Hu, etc.Ariadne: A Secure On-demand Routing Protocol for Ad hoc Networks[C]. Proceedings of the 8th ACM International Conference on Mobile Computing and Networking, 2002 pp12-23.
[11] Perrig A, etc. Efficient Authentication and Signature of Mulficast Streams over LossyChannels[C]. Proceedings of the IEEE Symposium on Security and Privacy,2000 pp56-73.
[12] B Dahill,B Levine,etc. A Secure Routing Protocol for Ad hoc Networks[C]. Proceedings of the 10th IEEE International Conference on Networks Protocols,2002 pp1-l0.
[13] P Padimitrators, Z Haas. Secure Routing for Mobile Ad hoc Networks[C]. SCS Communication Networks and Distributed Systems Modeling and Simulation Conference,2002 pp27-31.
[14] M G Zapata,N Asokan.Securing Ad hoc Routing Protocols[C]. Proceedings of ACM Workshop on Wireless Security, 2002 pp1-l0.
[15] A Perrig, etc.SP1NS: Securing Protocols for Sensor Networks [J].Wireless Networks, 2002, (8) pp521-534.
[16] J P Hubaux, etc. The Quest for Securing in Mobile Ad hoc Networks [J]. ACM Mobihoc, 2001 pp146-155.
[17] A Khalili,J Katz,etc.Toward Secure Key Distribution in Truly Ad hoc Networks[C]. Proceedings of the 2003 Symposium on Apphcation and the Internet Workshops,2003 pp1-5.
[18] Chlamtac I, Conti M, Liu J J N. Mobile Ad hoc Networking: Imperatives and Challenges[J]. Ad hoc Networks, 2003, 1(1) ppl3-64.
[19] S Marti, etc. Mitigating Routing Misheavour in Mobile Ad hoc Networks[C]. Proceedings of the 6th Annual ACM/IEEE International Conference on Mobile Computing and Networking, 2000 pp255-265.
[20] Y Zhang, W Lee.Intrusion detection in wireless ad hoc networks.Proc. Of the 6th annual Intl. conf. on Mobile computing and networking, MOBICOM’2000, ACM Press New York, USA, 2000 pp275-283.
[21] Albers P,Camp O,Percher J-M, etc.Security in Ad Hoc Networks:a General Intrusion Detection Architecture Enhancing Trust Based Approaches. The 1st Intl.Workshop on Wireless Information Systems, Proceedings of the 4th International Conf. on Enterprise Information Systems,2002.
[22] Oleg K,Guha R.Effective Intrusion Detection Using Multiple Sensors in Wireless Ad Hoc Networks[C].Proceedings of the 36th Hawaii International Conference on System Sciences,2002.
[23] Yi-an Huang, W Lee.A Cooperative Intrusion Detection System for Ad Hoc Networks[C].Proceedings of the ACM Workshop on Security of Ad Hoc and Sensor Networks,2003.
[24] Krishna P,Vaidya N H,Chatterjee M, etc. A cluster-based approach for routing in dynamic networks. ACM SIGCOMM Computer Communication Review,1997,17(8) pp1415-1425.
[25] B K Sun, W U Pooch. Routing Anomaly Detection in Mobile ad hoc Networks[C]. Proceedings of the 12th International Conference on Computer Communications and Networks, 2003 pp20-23.
[26] 易平,蒋嶷川,张世永,等.移动Ad Hoc网络安全综述[J].电子学报,2005,33(5) pp893-899.
[27] Yi Li,June Wei.Guidelines on Selecting Intrusion Detection Methods in MANET[C]. Proceedings of ISECON.2004 pp1022—1039.
[28] Tseng Chin-Yang.A Specification-based Intrusion Detection System for AODV[C]. Proceedings of the ACM Workshop on Security of Ad Hoc and Sensor Networks.2003.
[29] Guha R,Kachirski O,Schwatz D G.Case-based Agents for Packet-level Intrusion Detection in Ad Hoc Networks[C].Proceedings of the 17th International Symposium on Computer and Information Sciences.2002.
[30] Y Huang, W Fan , W Lee ,etc.Cross-feature Analysis for Detecting Ad-hoc Routing Anomalies[C].Proceedings of the 23th International Conference on Distributed Computing Systems,2003 pp478-487.
[31] Albers P,Camp O,Percher J-M, etc.Security in Ad Hoc Networks:a General Intrusion Detection Architecture Enhancing Trust Based Approaches.In:The 1st Intl.Workshop on Wireless Information Systems, Proceedings of the 4th International Conf. on Enterprise Information Systems,2002.
[32] Puttini R, Percher J-M, etc. A Modular Architecture for Distributed IDS in MANET. Computational Science and Its Applications – ICCSA 2003,2003 pp984.
[33] 殷智胜,陈秀真,陈晓桦.基于数据链路监视的Adhoc网络攻击检测机制.计算机工程,2008,20.
© 2004-2018 中国地质图书馆版权所有 京ICP备05064691号 京公网安备11010802017129号 地址:北京市海淀区学院路29号 邮编:100083 电话:办公室:(+86 10)66554848;文献借阅、咨询服务、科技查新:66554700 |