The Research Of Key Problems On Modeling And Detecting Wireless Network Attack

The opening character of wireless access medium lead many security issues. Research of wireless security focus on physical layer, MAC layer and network layer, and some of key points include:the definition of attack method, establishment of attack model, detection and defense mechanisms against attack. It’s instructive to the research if we can establish an accurate model about various attack and quantitative analysis the performance of network. Although some analysis model have been proposed, the veracity and practicability of these models are not perfect.The purpose of the thesis is to establish theoretic model and analysis attack effects in the view of probability about wireless network under random jamming, intelligent jamming and selfish behavior. Character parameters that depict attack behavior can be extracted through transformation of measured parameter, and detecting model can be established, and this work will plays important role to support the research of countermeasures of wireless attack. Methods to achieve rushing attack of SAODV and to separate malicious node are proposed.Contributions and innovations of the thesis as below:(1) Effects of random jamming on performance of wireless network and jamming detection methods are considered.(i) A MARKOV model with a jammer in the IEEE802.11DCF wireless network is established;(ii) a novel jamming detection model is proposed, of which through measure idle slots of wireless channel, packet sending probability of wireless node can be estimated, and the theoretic successful transmission probability that without jammer can be computed, and compare with the measured probability, the jammer can be detected;(iii) validation of the model is performed through NS2network simulator.(2) Effects of intelligent jamming on performance of wireless network and jamming detection methods are considered.(i) A state transition model of wireless channel under intelligent jamming is established;(ii) detection method based on channel state transition is proposed, and the probability of jamming can be estimated;(iii) validation of the model is performed through NS2network simulator.(3) Selfish behavior based on backoff window reduction is considered,(i) A MARKOV model on wireless network with backoff reduction selfish node is proposed, collision probabilities of selfish and normal node are computed, by which the probability of backoff slots between two successful transmission of the same node is obtained;(ii) The probability of backoff slots is mainly lies no more than backoff window, so compare the distribution of specific node to the average of network nodes that lies between0-32, the selfish behavior node can be detected,(iii) Based on the character that the curve of probability density of backoff slots appears steep, a method to estimate selfish parameter is proposed;(iv) validation is performed through NS2simulator.(4) Selfish behaviors base on NAV extension and DIFS reduction are considered.(i) A performance analytic model on NAV extension behavior is established;(ii) Quantification result of backoff value advantage by DIFS reduction is analyzed;(iii) A NAV extension selfish behavior detection method is proposed, which by compute the probability of different time slots that from the channel become idle state to transmit state, and the NAV extension parameter is estimated;(iv) A detection method on DIFS reduction and a parameter estimation method are proposed; when the backoff value equals zero, the interval from channel idle to channel busy is the DIFS time, so selfish behavior can be detected by checking the interval;(v) validation on the analytic model, detection model and parameter estimation are performed through NS2simulation.(5) A rushing replay attack on security routing protocol SAODV is proposed; The malicious node can be separated through set the affected node to inactive state; it is proved that the malicious node can be completely separated no more than five round; nodes that lies in the coverage of malicious node become inactive state, which cannot relay data, but can send data as a source node or receive data as a destination node.