The Research And Design Of IDS In Wireless Network

As network-based computer systems play increasingly vital roles in modern society, wireless LAN rapidly become a reality in environments ranging from offices to enterprise networks because its characters. The advent of WLAN, however, has brought new IT security threats, and many traditional countermeasures are ineffective in dealing with them. Wireless access to networks, for example, cannot easily be monitored and controlled through perimeter defenses such as firewalls and proxy servers. A wireless access point may open the internal, non-protected network up to unknown and non-trusted users who are simply within communication range.When an intrusion takes places, intrusion prevention techniques, such as encryption and authentication, are usually the first line of defense, however, intrusion prevention alone is not sufficient because systems become ever more complex, while security is still often the after-thought, there are always exploitable weaknesses in the systems due to design and programming errors, or various penetration techniques. This is the reason intrusion detection becomes the hot-point now.Intrusion detection can be used as a second wall to protect network systems because once an intrusion is detected, response can be put into place to minimize damages. An Intrusion Detection collects and monitors operating system and network activity data, and analyzes the information to determine whether there is and attack occurring. An Intrusion Detection (IDS) includes software and hardware about intrusion detection.The functions of IDS include: watching and analyzing actions of users andsystems, auditing configuration and leak of systems, evaluating the integrality of data and system, recognizing attacking actions, stating abnormal actions and so on. But the intrusion detection technology we have can not be applied in wireless network efficiently.Now the intrusion detection technologies in WLAN are mostly locating in experimentation phase. For example, the Sort IDS whose code is opened puts out Sort-wireless test version, which adds Wi-Fi protocol field and key word. The intrusion detection approach is rule suit. In order to distinguish the fake AP, administrator configures APs by hand. Because the regular file doesn't have efficient regular definiens, the Sort-wireless cant work efficiently, and cant detect fake MAC and DoS attack. IBM puts forward an intrusion detection approach in WLAN in 2003, which need to connect to wire network and has some faults. The WIDZ can inspect AP and detect DoS, but it doesnt have a good system frame. A new intrusion detection approach is discussed in the paper.The paper introduces concepts, protocols and security problems of wireless network; concepts and class of intrusion detection, some intelligent approaches about intrusion detection, such as data mining and data fusion; researching about protocol analysis technology and putting forward a new intrusion detection approach based on protocol tree; finally, the principle and approaches about IDS in wireless network is discussed.The paper will contribute the development of WIDS because some new technologies are discussed:(1) The protocols and security analysis about wireless network.(2) The detailed interprets of protocol analysis and putting forward a new intrusion detection approach based on protocol tree.(3) The principles of intrusion detection about wireless network and the model is discussed.(4) The capabilities of approach is analyzed which show the advantage of it.