A Research On Intrusion Detection Models And Methods For Routing In Mobile Ad Hoc Network

Mobile Ad Hoc Network is a new type of wireless mobile communications network, whose node does not rely on any fixed infrastructure and management center. It has characteristics of self-organizing, dynamic topology, limited resources, multi-hop communications and so on. The application of Ad Hoc Network has aroused widespread concern of the academic and industry circles in the field of military tactical communications, emergency communications, wireless sensor network, Pervasive computing, and the combination of Ad Hoc Networks and cellular mobile communication systems.As the unique structure and features of the mobile Ad Hoc Network, all nodes participate in network routing, so the security of the routing protocol is particularly important. But at present, routing protocols such as DSR, DSDV, AOVD and etc. lack the security mechanisms and face a variety of attacks and security threats. Therefore, the security of Ad Hoc Networks has become a hot topic in the academic researches all over the world. However, almost all the present researches on the security of routing protocols have focused on the design and development of it. Few have done researches on the routing protocol vulnerabilities through detection and prevention to achieve secure routing.This paper depends on the projects such as the National Natural Science Foundation, Outstanding Youth Fund of Hunan Province, the Natural Science Foundation of Hunan Province, Science and Technology Projects in Hunan Province and Excellent Youth in the Department of Education in Hunan Province. According to the specific characteristics of Ad Hoc Networks, the paper is based on intrusion detection techniques, taking the widely-applied AODV routing protocol as an example and FSM, fuzzy inference and statistical learning as tools to analyze the various attacks aiming at AODV routing protocol and to realize secure routing based on intrusion detection techniques. The paper aims to make a study on the structure of novel intrusion detection system, selecting the right intrusion features to construct test models, designing and developing recognition algorithm of high efficiency and good performance to identify and classify intrusive data and validating its effectiveness through the NS-2 network simulation experiments. This paper is composed of the following six aspects of specific research contents:(1) This paper investigates a variety of attacks and threats which mobile Ad Hoc Networks faced according to its characteristics and analyzes the typical working principle and security vulnerabilities of AODV routing protocol.(2) It is based on a fixed zone, designing the intrusion detection system model of AODV routing protocol and the detection model of node. In the wireless Ad Hoc Networks, because there is no fixed network infrastructure such as firewalls, gateways, and others, IDS can not collect the global trial data the same as the wired networks, whose log can only be partial and fractional. Designing an IDS structure system which is more suitable for self-organization and mobile feature of network routing protocols is the key to the paper. This paper puts forward a new Ad Hoc Network intrusion detection model-CRIDMAN (Combined Routing Intrusion Detection Model for Mobile Ad Hoc Network) based zone, which combines the finite state machine (FSM) Misuse Intrusion Detection methods and fuzzy logic and support vector machine (SVM) statistical learning.(3) It analyzes the reliable formalization of AODV protocol. FSM can express the temporality of the most important protocol elements (state and time), as well as the relationship which the state changes with the incidents. The analysis of FSM-based routing protocol has been widely applied to the wired network. Some works also proposed Ad Hoc Network routing protocol analysis of FSM on DSR and so on to protect against malicious behavior. This paper analyzes the AODV protocol finite state machine and detects common attacks on the routing protocols such as black hole attacks, resource consumption, drop packet, etc., and verifies its effectiveness through experiments.(4) This paper analyzes and studies the Classification and Regression Tree algorithm, regarding it as an important network parameters training and selection algorithm through introducing Six Sigma to compute the thresholds which identify important network parameters of attack.(5) This paper introduces the Threat Index to quantify the mobile Ad Hoc Network routing vulnerability and the level of security threats according to the characteristics of fuzzy logic. It also determines the level of threats by comparing TI values calculated by the fuzzy inference system (FIS) and TI values which are in the state of normal, uncertain and the threat state. Furthermore, it verifies the effectiveness of the method through a large number of experiments.(6) In the aspect of pattern recognition, the Support Vector Machine (SVM) has been proven that it has a good detection performance. It can capture the feature of intrusive behavior by analyzing the characteristic of attack behavior. It can successfully apply SVM detection algorithm for the second phase of detecting to the network behavior which is in uncertain state through the fuzzy logic detection, which will not only reduce the spending produced by SVM algorithm, but also ensure the overall detection performance of the detection model.