MANET入侵检测技术的研究

移动自组网(MANET)是由移动节点自组织形成的无线网络,由于其动态拓扑的特点,容易遭受各种安全威胁,而入侵检测技术能有效地保障移动自组网的安全.对已有的分级入侵检测技术进行分析,提出一种基于区域分级的入侵检测系统(IDS),避免了对节点的重复监控及尺寸小的簇的形成,减少了节点的运算负荷与通信负荷,提高了簇头的稳定性,避免簇头频繁选举带来更多的资源消耗.     

基于FSM检测的移动自组网攻击分类研究

在移动自组网环境下,由于移动节点可能被攻击截获,导致攻击从内部产生,传统的网络安全措施难以应用,只有通过入侵检测才能发现攻击者。通过分析移动自组网的攻击类型,并构造从恶意节点发起的攻击树,采用有限状态机的思想,设计一个基于FSM的入侵检测算法。采用该算法的入侵检测系统可通过邻居节点的监视,实时地检测到节点的各种攻击行为。     

MANET基于客观信任度建模的分簇算法与分析

设计了一个客观信任度评估数学模型,然后基于能量和相对运动观点,以最大稳定链路数为测度,提出了一种最大客观信任的移动自组网分簇算法(MOTBCS).此分簇算法仅有效扩展原HELLO消息,额外代价小;并且更好考虑到了自组网中的实际约束条件,更适用于真实环境.模拟试验表明,MOTBCS与同类算法相比,能形成更稳定的簇结构,同时具有更低的通信开销和更好的运行效率.     

移动自组网中基于分簇一致性协议性能研究

提出了移动自组网中的基于分簇的一致性协议（Clustering-Based Consensus Protocol,CBCP）,CBCP协议分为分簇检测层和决策层。分簇检测层在对移动自组网分簇的同时,不可靠故障检测器（Unreliable Failure Detectors,FD）向决策层提供网络的当前状态,分簇可以合并消息,减少网络中的消息数量,节省网络资源。性能分析表明,与现有的协议相比,该协议能够显著地节省时间代价和消息代价。     

基于簇的无线传感器网络入侵检测系统

基于无线传感器网络的分簇结构,运用Agent技术设计了一个入侵检测系统.在网络中的每个节点部署IDS代理,其中包括本地检测Agent和全局检测Agent两个不同代理,分别完成不同的检测任务.提出采用蓝牙通信技术,引用蓝牙散射网形成算法TPSF构建传感器网络的簇节点层,完成簇的划分,进而对不同的Agent进行任务分配.通过限制节点的角色对算法进行改进,减轻节点的复杂度,从而使IDS代理能有效地工作,提高节点的安全系数.     

移动自组网中一种基于集群的Byzantine节点检测机制

该文主要介绍了移动自组网中一种基于集群方法的Byzantine错误检测机制。并结合CBRP,提出了一种适合移动自组网的内部出错节点清除算法。通过算法分析证明了所提出的算法可以显著减少清除具有Byzantine错误节点时所需的消息数目,降低了网络负载,有效提高了移动自组网的安全性和可信度。     

面向高动态移动自组织网络的生物启发分簇算法

分簇可以有效地提高大规模移动自组织网络的性能.但高动态的移动自组织网络具有节点移动性强、网络拓扑变化快的特点,应用传统的分簇算法会造成网络性能迅速下降,频繁的簇拓扑更新造成了簇结构的不稳定和控制开销的增加.为了解决传统分簇算法无法适应高动态的大规模移动自组织网络的问题,提出了一种基于生物启发的移动感知分簇算法,该算法对多头绒泡菌的觅食模型进行了改进,使其适用于移动自组织网络领域.由于该算法与节点的移动特性进行了结合,所以该算法可以有效地在高动态移动自组织网络中进行簇的建立与维护.实验结果表明,相较于其他传统分簇算法,本文算法提高了平均链路连接保持时间和平均簇首保持时间,使得簇结构更加稳定,提高了对高动态、大规模移动自组织网络的适应能力.     

基于感应数据值的无线传感器网络分簇算法

提出了一种无线传感器网络的分簇算法,用于协助基于簇的入侵检测方案检测网络中的各种恶意攻击行为.它将整个网络划分成若干个簇,使得簇内各传感器节点物理位置临近,并且采集的数据值接近.这一特性使得识别异常节点非常容易,并且保证入侵检测方案具有较高的检测精度和较低的误报率.该算法也使得网内数据处理变得异常简单,从而能够有效节省传感器节点的能量,延长网络的寿命.     

高动态无线自组网路由协议设计

针对节点快速移动过程中网络建立时间较长,数据端到端传输时延无法得到可靠保 障,并且由于维护动态网络连接性造成网络开销较大等方面的问题,提出了一种无线自组网 路由协议,通过分簇算法快速将网络分为多个簇,每个簇包括簇首节点、成员节点和簇间网 关节点。该协议能够应用于快速移动节点构成的高动态无线自组织网络中,实现了先应式和 反应式路由算法进行了有机结合,能够在快速变化的拓扑结构中为未知路由提供优化的路由 结果,利用较小的网络开销实现网络快速构建和数据端到端的实时传输。     

能耗均衡的无线传感器网络的入侵检测机制

针对无线传感器网络中能量有限和安全问题,本文提出了一种基于能耗均衡的无线传感器的入侵检测机制.首先在无线传感器现有的分簇模型上划分若干Sector,然后在某些节点上部署IDS,提出入侵检测的算法,利用仿真验证了本文所提出的模型与算法,结果表明可使网络节点的能耗得到有效的降低,同时提高了检测错误数据和异常节点的准确率.     

基于图论的MANET入侵检测方法

移动Ad hoc网络(MANET)易遭受各种安全威胁,入侵检测是其安全运行的有效保障,已有方法主要关注特征选择以及特征权重,而忽略特征间潜在关联性,针对此问题该文提出基于图论的MANET入侵检测方法。首先通过对典型攻击行为分析,合理选择9种特征作为节点,依据欧式距离确定节点间的边以构建结构图。其次发掘节点(即特征)间关联性,综合考虑节点邻居规模属性和节点邻居之间的紧密程度属性,利用图论所对应的统计特性度分布和聚集系数具体实现两属性。最后对比实验结果证明此方法与传统方法相比平均检测率和误检率分别提高10.15%、降低1.8%。     

A trust mechanism-based channel assignment and routing scheme in cognitive wireless mesh networks with intrusion detection

Cognitive Wireless Mesh Networks (CWMN) is a novel wireless network which combines the advantage of Cognitive Radio (CR) and wireless mesh networks. CWMN can realize seamless integration of heterogeneous wireless networks and achieve better radio resource utilization. However, it is particularly vulnerable due to its features of open medium, dynamic spectrum, dynamic topology, and multi-top routing, etc.. Being a dynamic positive security strategy, intrusion detection can provide powerful safeguard to CWMN. In this paper, we introduce trust mechanism into CWMN with intrusion detection and present a trust establishment model based on intrusion detection. Node trust degree and the trust degree of data transmission channels between nodes are defined and an algorithm of calculating trust degree is given based on distributed detection of attack to networks. A channel assignment and routing scheme is proposed, in which selects the trusted nodes and allocates data channel with high trust degree for the transmission between neighbor nodes to establish a trusted route. Simulation results indicate that the scheme can vary channel allocation and routing dynamically according to network security state so as to avoid suspect nodes and unsafe channels, and improve the packet safe delivery fraction effectively.     

Trust-aware FuzzyClus-Fuzzy NB: intrusion detection scheme based on fuzzy clustering and Bayesian rule

The dynamic nature of the nodes on the mobile ad hoc network (MANET) imposes security issues in the network and most of the Intrusion detection methods concentrated on the energy dissipation and obtained better results, whereas the trust remained a hectic factor. This paper proposes a trust-aware scheme to detect the intrusion in the MANET. The proposed Trust-aware fuzzy clustering and fuzzy Naive Bayes (trust-aware FuzzyClus-Fuzzy NB) method of detecting the intrusion is found to be effective. The fuzzy clustering concept determines the cluster-head to form the clusters. The proposed BDE-based trust factors along with the direct trust, indirect trust, and the recent trust, hold the information of the nodes and the fuzzy Naive Bayes determine the intrusion in the nodes using the node trust table. The simulation results convey the effectiveness of the proposed method and the proposed method is analyzed based on the metrics, such as delay, energy, detection rate, and throughput. The delay is in minimum at a rate of 0.00434, with low energy dissipation of 9.933, high detection rate of 0.623, and greater throughput of 0.642.

     

Internet of things intrusion detection model and algorithm based on cloud computing and multi-feature extraction extreme learning machine

With the rapid development of the Internet of Things (IoT), there are several challenges pertaining to security in IoT applications. Compared with the characteristics of the traditional Internet, the IoT has many problems, such as large assets, complex and diverse structures, and lack of computing resources. Traditional network intrusion detection systems cannot meet the security needs of IoT applications. In view of this situation, this study applies cloud computing and machine learning to the intrusion detection system of IoT to improve detection performance. Usually, traditional intrusion detection algorithms require considerable time for training, and these intrusion detection algorithms are not suitable for cloud computing due to the limited computing power and storage capacity of cloud nodes; therefore, it is necessary to study intrusion detection algorithms with low weights, short training time, and high detection accuracy for deployment and application on cloud nodes. An appropriate classification algorithm is a primary factor for deploying cloud computing intrusion prevention systems and a prerequisite for the system to respond to intrusion and reduce intrusion threats. This paper discusses the problems related to IoT intrusion prevention in cloud computing environments. Based on the analysis of cloud computing security threats, this study extensively explores IoT intrusion detection, cloud node monitoring, and intrusion response in cloud computing environments by using cloud computing, an improved extreme learning machine, and other methods. We use the Multi-Feature Extraction Extreme Learning Machine (MFE-ELM) algorithm for cloud computing, which adds a multi-feature extraction process to cloud servers, and use the deployed MFE-ELM algorithm on cloud nodes to detect and discover network intrusions to cloud nodes. In our simulation experiments, a classical dataset for intrusion detection is selected as a test, and test steps such as data preprocessing, feature engineering, model training, and result analysis are performed. The experimental results show that the proposed algorithm can effectively detect and identify most network data packets with good model performance and achieve efficient intrusion detection for heterogeneous data of the IoT from cloud nodes. Furthermore, it can enable the cloud server to discover nodes with serious security threats in the cloud cluster in real time, so that further security protection measures can be taken to obtain the optimal intrusion response strategy for the cloud cluster.     

基于聚类学习算法的网络入侵检测研究

目前的入侵检测系统存在着在先验知识较少的情况下推广能力差的问题。在入侵检测系统中应用聚类算法,使得入侵检测系统在先验知识少的条件下仍具有良好的推广能力。首先介绍入侵检测研究的发展概况和聚类算法;接着提出了基于聚类算法的入侵检测方法;然后以KDD99这类常用的入侵检测数据为例,讨论了该方法的工作过程;最后将计算机仿真结果进行了分析。通过实验和比较发现,基于聚类学习算法的入侵检测系统能够比较有效地检测真实网络数据中的未知入侵行为。     

基于移动Agent的分布式层次化入侵检测系统

在目前的入侵检测系统中 ,由于检测组件的位置固定和通信的问题 ,使得入侵检测系统本身易受到攻击 ,为此提出将内部节点封装为移动Agent。此外 ,为了保障系统的安全 ,特别讨论了移动Agent位置随机化、Agent之间安全通信、选举服务器等多种机制以提高抵抗攻击的能力     

基于模糊聚类的Linux网络动态入侵检测

提出基于模糊聚类的Linux系统异常入侵检测方式,通过对网络动态信息进行分类检测,能够降低入侵检测的漏检率,动态检测出网络数据入侵程序,避免了传统方式的缺陷.实验证明,利用基于模糊聚类的入侵检测方式能够快速、准确的检测出入侵程序,保证Linux系统安全.     

一种基于仿射传播聚类的入侵检测方法

针对基于无监督聚类的入侵检测需要预先指定初始聚类中心和数目的问题,提出了一种基于仿射传播聚类的入侵检测方法,采用了仿射传播聚类实现入侵检测,将每个数据点都看作潜在的聚类中心,通过信息迭代更新自动决定最后的聚类中心和数目,能够获得准确的聚类结果。在对KDD CUP99数据集的仿真实验中验证了方法的可行性,实验结果表明,相比传统方法能有效提高检测率。     

基于模糊C均值的数据流入侵检测算法

针对数据在性态和类属方面存在不确定性的特点,提出一种基于模糊C均值聚类的数据流入侵检测算法,该算法首先利用增量聚类得到网络数据的概要信息和类数,然后利用模糊C均值聚类算法对获取的数据特征进行聚类。实验结果表明该算法可以有效检测数据流入侵。     

自适应AP聚类算法及其在入侵检测中的应用

网络数据流量的增大对入侵检测系统的实时性提出了更高的要求,压缩训练数据可加快未知样本的分类处理速度。针对数据量过大造成压缩处理和聚类效率低下的难题,提出了一种改进的自适应AP（affinity propagation）聚类方法,采取直接关联与簇中心距离较近样本的方法,减少聚类样本数量,降低聚类时空消耗,并依据关联结果,不断调整聚类参数,精确聚类结果。2个网络安全数据集的应用结果表明,该方法可从大规模样本中有效聚出代表性子集,在保证准确率的前提下,提高入侵检测的实效性。