
Research Of The Key Techniques Of Intrusion Detection And Protection For Distributed Networks

Posted on: 2011-08-16
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y Bai
GTID: 1118360308461113
Subject: Computer Science and Technology
Abstract/Summary:
Since distributed networks have a promising future, distributed attacks have become the main threat, and intrusion detection systems have moved from single-point to distributed systems, this thesis, "Research of the Key Techniques of Intrusion Detection and Protection for Distributed Networks", focuses on distributed intrusion detection systems and the security problems in distributed networks. Distributed denial of service attacks, low-rate denial of service attacks, vulnerabilities of the ECMA-368 (European Computer Manufacturers Association) standard, and trust in wireless distributed networks are discussed. Solutions are provided through protocol analysis, theoretical reasoning and verification by simulation, with related work by other researchers used for reference. The main contributions of this thesis are as follows:

1. A Tree-Based Intrusion Detection System is proposed to detect distributed intrusions. Tree-DIDS balances single point of failure against transmission cost, a trade-off not solved by current DIDS (Distributed Intrusion Detection System) designs. Data are stored in a tree data structure rather than linearly. The traffic tree integrates detection, source tracing and protection. Double anomalies help to detect intrusions accurately. The simulation results and performance analysis show that Tree-DIDS works effectively.

2. A Three-Level algorithm is proposed to detect low-rate DoS. Low-rate DoS is a typical new-style DoS (Denial of Service) attack, and current detection techniques against it need higher overhead. Considering the application of networks, the three-level low-rate DoS detection system helps to detect DoS attacks, distinguishes low-rate DoS from flooding DoS, and finally confirms whether low-rate DoS exists. The most complex algorithm is left until last to reduce detection overhead. The simulation results and performance analysis show that three-level detection works practically compared with current detection systems.

3. A short-time analysis algorithm is proposed to detect and protect against low-rate DoS attacks in real time. The short-time analysis algorithm helps to detect low-rate DoS attacks in real time with lower complexity and in shorter time compared with the frequency transfer method. Modified autocorrelation implements period estimation, which is not discussed in current research. The estimated period can be used to defend against low-rate DoS attacks. The simulation results and performance analysis show that the short-time analysis algorithm can detect and prevent low-rate DoS in real time.

4. By analyzing ECMA-368, two security problems are found and three secure protocols are proposed. UWB networks specified by ECMA-368 and ECMA-369 are distributed among devices. There is no research on security problems of the handshake mechanism in ECMA-368. The thesis outlines two scenarios in which DoS and DDoS attacks against the ECMA-368 standard are possible, and gives three modified secure protocols respectively. The simulation results and performance analysis show that the DoS attacks are prevented at the cost of limited resources when the three secure protocols are added to the original standard. No new attack is introduced by the new secure protocols.

5. A cross-layer trust network is built to protect distributed wireless networks, and a secure routing protocol is provided based on trust territories. The cross-layer trust network is constructed to transmit trust values among network layers. The concept of trust territories is introduced to change the way trust is described. Sets, graphs and relations are used to build and extend trust territories. A secure routing protocol based on trust territories, named TT-DSR, is provided. The simulation results and performance analysis show that a secure and shorter route is selected in TT-DSR, while trust territories are extended.

Intrusion detection and security protection are very important and complex topics. Considering the polymorphism of networks and the abundance of intrusions, only a few key points are discussed. The research is supported by the National High Technology Research and Development Program ("863" Program) of China project "network securities" (No. 2008AA011004), the Huawei foundation project "the research of short distance wireless security" in 2008 and the Huawei foundation project "the research of security defense in networks layer" in 2009. The last two projects have passed expert acceptance at Huawei.
Keywords/Search Tags: Network Securities, Denial of Service, Intrusion Detection, Handshake, Trust