移动ad hoc网络的入侵响应模型

移动ad hoc网络由于动态拓扑、无线信道等特点,使得其在所有层次上都存在脆弱的安全问题.本文提出了一种基于移动agent的入侵响应模型,该模型结合了移动ad hoc网络和移动agent的移动性和自主性,采用监视agent,决策agent和阻击agent三种agent对移动ad hoc网络中的节点行为进行监视,并根据节点行为判断是否入侵,一旦发现入侵者就将其包围并阻断与其相关的报文,以达到隔离直至消灭入侵者的目的.最后,提出了下一步的研究方向.     

移动ad hoc网络中DOS攻击及其防御机制

移动ad hoc网络由于其动态拓扑、无线信道以及各种资源有限的特点,特别容易遭受拒绝服务(DOS)攻击．提出了移动ad hoc网络中一种新的DOS攻击模型——ad hoc flooding攻击及其防御策略．该攻击主要针对移动ad hoc网络中的按需路由协议,如AODV,DSR等．ad hoc flooding攻击是通过在网络中泛洪发送超量路由查询报文及数据报文,大量地占用网络通信及节点资源,以至于阻塞节点正常的通信．分析ad hoc flooding攻击之后,提出了两种防御策略：其一是邻居阻止,即当入侵者发送大量路由查询报文时,邻居节点降低对其报文的处理优先级,直至不再接收其报文．其二是路径删除,即目标节点将入侵者发送攻击报文的路径删除,以阻止其继续发送攻击报文．模拟实验证实,通过这两种方法的结合．能够有效地阻止网络中的ad hoc flooding攻击行为．     

一个用于Ad Hoc网络的分簇方法

该文提出了一种ad hoc网络的分簇方法,通过相关性来计算节点的相关度值,利用D—tree算法来对随机分布的移动节点分簇,实现ad hoc网络的层次结构的划分;并对算法进行了分析和模拟计算,得到了ad hoc网络主要技术参数之间的关系．     

Ad Hoc网络中一种基于环状分层结构的组密钥协商协议

移动ad hoc网络是一种新型的移动多跳无线网络.其自身的特征,如网络规模庞大、动态的拓扑结构、有限的计算、通信和存储能力等,使得传统的密钥分配和管理机制无法直接应用于该网络.提出了一种新的适用于移动 ad hoc网络的组密钥协商协议.该协议在环状分层结构上基于多线性映射进行组密钥的协商和分配,使得节点在密钥协商过程中具有低计算开销与低通信开销的优势,较好地解决了在移动ad hoc网络中进行组密钥协商时所遇到的节点能量受限问题,适用于移动ad hoc网络.     

保护节点资源的Ad Hoc网络DOS攻击防御机制

移动ad hoc网络由于其动态拓扑、无线信道以及各种资源有限的特点,特别容易遭受拒绝服务(DOS)攻击.在分析传统防御机制的基础上,提出了移动ad hoc网络中一种新的DOS攻击防御机制--基于优先级和缓存控制,着重保护节点的资源.     

Ad Hoc网络中一种基于相关度的分布式分簇算法

无线自组网ad hoc是一种不依赖于基础设备的无线移动网络,分簇是管理ad hoc的一种较为有效的方式。本文提出ad hoc网络中一种新的分簇算法,此算法以节点间的相关度以及节点密度作为选择簇头和分簇的标准,算法在各节点分布执行,并且通过节点间消息的传递来得到最终的簇结构。实验结果表明,该算法产生的簇结构比节点度算法更均衡,也因此在应用上具有更好的表现。     

MAIDS-Ad Hoc网络的多层分布式入侵检测系统

作为一种无中心分布控制网络— ad hoc网络 ,它的安全特性对安全防范提出了更高的要求 .入侵检测技术作为安全防范的第二道设施 ,是 ad hoc网络获得高抗毁性的必要手段 .提出了 ad hoc网络的安全性 ,在描述入侵检测技术的相关内容基础上 ,针对 ad hoc网络提出多层分布式入侵检测技术的具体实现 :MAIDS(Mobile Agent Intrusion Detection System) .MAIDS是基于信任的簇划分机制下的多层分布式入侵检测系统 .其中移动代理技术的引入使整个系统具有强的灵活性和可扩展性     

一个ad hoc网络中的簇结构模式

提出一种ad hoc网络中新的簇结构模式。采用约束特征值的概念对ad hoc网络中节点移动的约束环境进行数学抽象，定义了节点属性的数学表达式。以节点的通信能力值和状态变化值作为选择簇头节点的依据，在此基础上提出了分簇算法GM-BFS，对平面ad hoc网络进行分簇，最后使用偏移度概念实现节点在簇间的移动和动态切换。     

移动Ad hoc网络中基于控制域的网络管理及拓扑生成

结合实际的移动ad hoc网络管理研究,钟对以往ad hoc网络管理体系缺乏可扩展性的问题,同时考虑网络中节点的能力差异性,引入了动态的网络管理控制域并定义了管理控制域的生成与合并过程,在此基础上提出了一种动态分布式的ad hoc网络管理体系,并利用管理控制域的生成过程实现了ad hoc网络中的拓扑管理。仿真结果表明,网络中的管理控制域生成算法能够适应网络节点移动性的特点,具有可靠的控制域划分能力。在此基础上的ad hoc网络拓扑生成具有较好的准确性和可靠性。     

Ad hoc网络中一种基于学习Petri网的入侵检测模型

移动自组织网络是由无线移动节点组成的复杂分布式通信系统.研究了移动自组织网络的入侵检测问题,对当前Ad hoc网络上的入侵行为和入侵检测技术进行了分析,论述了学习Petri网络应用于入侵检测系统中的优势,给出了一个基于学习Petri网络的入侵检测实施模型,并在网络仿真软件ns2中对其进行了评估.     

基于实用拜占庭容错的物联网入侵检测方法

物联网入侵的检测率虽高，但面临节点能力消耗过大的问题，为此提出一种基于共识的实用拜占庭容错（PBFT）算法的入侵检测方法。首先，使用支持向量机（SVM）进行预训练得到入侵检测判定规则，并将训练规则应用于物联网中的每个节点；然后，选举出部分节点对网络中其他节点进行主动入侵检测，同时将自身的检测结果向其他节点公布；最后，每个节点依据PBFT算法判断其他节点的状态，使检测结果在系统内达到一致性。在NSL-KDD数据集上使用TinyOS进行仿真的实验结果表明，所提方法与集成入侵检测系统（ⅡDS）和双重降维双重检测（TDTC）方法相比，能量消耗平均降低12.2%和7.6%，能够有效地降低物联网的能量消耗。     

基于强化学习的无线传感器网络入侵检测攻防博弈研究

无线传感器网络易遭到各种内部攻击,入侵检测系统需要消耗大量能量进行攻击检测以保障网络安全。针对无线传感器网络入侵检测问题,建立恶意节点（malicious node,MN）与簇头节点（cluster head node,CHN）的攻防博弈模型,并提出一种基于强化学习的簇头入侵检测算法——带有近似策略预测的策略加权学习算法（weighted policy learner with approximate policy prediction,WPL-APP）。实验表明,簇头节点采用该算法对恶意节点进行动态检测防御,使得博弈双方快速达到演化均衡,避免了网络出现大量检测能量消耗和网络安全性能的波动。     

An intelligent algorithm with feature selection and decision rules applied to anomaly intrusion detection

Intrusion detection system (IDS) is to monitor the attacks occurring in the computer or networks. Anomaly intrusion detection plays an important role in IDS to detect new attacks by detecting any deviation from the normal profile. In this paper, an intelligent algorithm with feature selection and decision rules applied to anomaly intrusion detection is proposed. The key idea is to take the advantage of support vector machine (SVM), decision tree (DT), and simulated annealing (SA). In the proposed algorithm, SVM and SA can find the best selected features to elevate the accuracy of anomaly intrusion detection. By analyzing the information from using KDD’99 dataset, DT and SA can obtain decision rules for new attacks and can improve accuracy of classification. In addition, the best parameter settings for the DT and SVM are automatically adjusted by SA. The proposed algorithm outperforms other existing approaches. Simulation results demonstrate that the proposed algorithm is successful in detecting anomaly intrusion detection.     

工业无线传感器网络中干扰攻击的入侵检测

针对工业无线传感器网络的干扰攻击问题,采用一种基于统计过程控制理论控制图的入侵检测方法.选择数据包投递失败率作为度量属性,计算出对应的控制图上下限,通过监视传感器节点的数据包投递失败率是否在控制图的上下限内,判断节点是否处于被干扰攻击状态;基于工业无线传感器网络标准WirelessHART中采用的时隙跳频技术,建立一种干扰攻击模型,验证入侵检测方法的有效性.仿真结果表明干扰攻击检测方法能有效的检测出节点是否处于被干扰攻击状态,并且漏检率较低,随环境恶化时漏检率变化幅度较小.     

Performance analysis of hierarchical group key management integrated with adaptive intrusion detection in mobile ad hoc networks

We develop a mathematical model to quantitatively analyze a scalable region-based hierarchical group key management protocol integrated with intrusion detection to deal with both outsider and insider security attacks for group communication systems (GCSs) in mobile ad hoc networks (MANETs). Our proposed adaptive intrusion detection technique is based on majority voting by nodes in a geographical region to cope with collusion of compromised nodes, with each node preloaded with anomaly-based or misuse-based intrusion detection techniques to diagnose compromised nodes in the same region. When given a set of parameter values characterizing operational and environmental conditions, we identify the optimal intrusion detection rate and the optimal regional area size under which the mean time to security failure of the system is maximized and/or the total communication cost is minimized for GCSs in MANET environments. The tradeoff analysis in performance versus security is useful in identifying and dynamically applying optimal settings to maximize the system lifetime for scalable mobile group applications while satisfying application-specific performance requirements.     

A swarm-based efficient distributed intrusion detection system for mobile ad hoc networks (MANET)

In mobile ad hoc network (MANET), the issues such as limited bandwidth availability, dynamic connectivity and so on cause the process of intrusion detection to be more complex. The nodes that monitor the malicious nodes should have necessary residual bandwidth and energy and should be trustable. In order to overcome these drawbacks, in this paper, we propose a swarm-based efficient distributed intrusion detection system for MANET. In this technique, swarm agents are utilised to select the nodes with highest trust value, residual bandwidth and residual energy as active nodes. Each active node monitors its neighbour nodes within its transmission range and collects the trust value from all monitored nodes. The active nodes adaptively change as per the trust thresholds. Upon collaborative exchange of the trust values of the monitored nodes among the active nodes, if the active node finds any node below a minimum trust threshold, then the node is marked as malicious. When the source receives alert message about the malicious node, a defence technique is deployed to filter the corresponding malicious node from the network. By simulation results, we show that the proposed approach is efficient intrusion detection mechanism for MANET.     

Two and three-dimensional intrusion object detection under randomized scheduling algorithms in sensor networks

We are interested in wireless sensor networks which are used to detect intrusion objects such as enemy tanks, cars, submarines, etc. Since sensor nodes have a limited energy supply, sensor networks are configured to put some sensor nodes in sleep mode to save energy. This is a special case of a randomized scheduling algorithm. Ignored by many studies, an intrusion object’s size and shape are important factors that greatly affect the performance of sensor networks. For example, an extremely large object in a small sensor field can easily be detected by even one sensor node, no matter where the sensor node is deployed. The larger an intrusion object is, the fewer sensor nodes that are required for detection. Furthermore, using fewer sensor nodes can save resources and reduce the waste of dead sensor nodes in the environment. Therefore, studying coverage based on intrusion object’s size is important. In this paper, we study the performance of the randomized scheduling algorithm via both analysis and simulation in terms of intrusion coverage intensity. In particular, we study cases where intrusion objects occupy areas in a two-dimensional plane and where intrusion objects occupy areas in a three-dimensional space, respectively. We also study the deployment of sensor nodes when intrusion objects are of different sizes and shapes. First, sensor nodes are deployed in a two-dimensional plane and a three-dimensional space with uniform distributions. Then, they are deployed in a two-dimensional plane and a three-dimensional space in two-dimensional and three-dimensional Gaussian distributions, respectively. Therefore, our study not only demonstrates the impact of the size and shape of intrusion objects on the performance of sensor networks, but also provides a guideline on how to configure sensor networks to meet a certain detecting capability in more realistic situations.     

基于模糊行为分析的移动自组网入侵检测

移动自组网络是一种不需要基础设施的网络．在这种网络中，移动节点是自组织的，并且需要互相提供网络路由服务．自组网络非常容易受到攻击，特别是内部攻击．提出了一个基于模糊行为分析的入侵检测方案，以检测网络内部的路由攻击．利用邻接节点监测，通过分析节点路由行为与路由规范的偏差，发现恶意行为．在数据分析的过程中引入了模糊路由行为分析的方法，大大降低了误报率．仿真实验表明，该方案能有效地检测出路由入侵行为，而将误报率控制在一个较低的水平．     

基于机器学习的移动自组织网络入侵检测方法

移动自组织网络是由无线移动节点组成的复杂分布式通信系统。研究了移动自组织网络的入侵检测问题,采用了一种新型的基于机器学习算法的异常入侵检测方法。该方法获取正常事件的内部特征的相互关系模式,并将该模式作为轮廓检测异常事件。在Ad hoc 按需距离向量协议上实现了该方法,并在网络仿真软件QualNet中对其进行了评估。     

椭圆曲线点乘的抗故障攻击FSM控制器设计

为提高有限状态机(FSM)控制器的抗故障攻击能力,提出一种非并发故障检测方案。方案利用线性码的故障检错特性,通过在状态机电路中建立故障传播路径来实现。设计了基于NAF编码的从左至右扫描点乘算法的安全有限状态机电路,并对该电路进行了仿真验证与分析。通过仿真验证,与并发故障检测方案相比,该设计能够在减少状态机频繁译码工作量的情况下,正确检测错误并报警,提高了抗故障攻击能力。