| With the rapid development of network technology, the computer network is no longer limited to wired architecture, wireless network with the advantages of flexibility and economy is combined a beautiful landscape at today's communications world. Wireless LAN technology has rapidly developed and became a vital part of network now, and it has been applied in the rapidly expanding, at the same time the security issues received more and more attention.The openness of the wireless channel, wireless APs send wireless signals no difference to the around to achieve data transfer, have a high degree of flexibility, and also brings a lot of insecurity. The use of wireless media eliminating the need for physical cable access, same time lost a layer of effective isolation to resist the invaders. Wireless LANs use TCP/IP protocol with the same to wired LAN, and the IEEE 802.11 protocol had shortcomings, it brought attacks to wireless LAN,not only on the TCP/IP protocol with the same to wired LAN, but also on data link layer of the wireless LAN. Intrusion detection technology is an effective method to resist the invasion, although the cable network intrusion detection system is relatively mature, but cable network intrusion detection worked at the network layer and higher level, the wireless LAN data link layer can not get effective protection, so that wired network intrusion detection technology can not directly applied to wireless LAN. There is relatively little research about wireless LAN intrusion detection technology and needed specialized research.This paper firstly studies the function and structure of the IEEE 802.11 protocol frame, working mechanism of the wireless LAN and variety of encryption protocols, and base on the research analyzed and compared two data sources from wireless LAN intrusion detection system, using the original frame acquisition mode for the wireless network intrusion detection. Secondly analysis the wireless LAN vulnerability of IEEE 802.11, described the attacker's attack method often used, through the current situation analyzed the way and characteristics of wireless intrusion. Based on the existing invasion and defense technology about wireless LAN, this paper designed a wireless LAN intrusion detection program based on data link layer, proposed a solution based on identity detection of access equipment to detect camouflage device. Finally designed a wireless LAN intrusion detection system in accordance with this solution, the main functions has been achieved, the effectiveness of the system was verified.Experimental results show that the system can prevent MAC address spoofing and DoS attacks, limit the efficiency of attackers and reduce the burden on the network which further improve the performance of wireless LAN security, can provide reference for further wireless LAN intrusion detection system research in theory. |
PDF Full Text Request