The Research Of Intrusion Detection System Based On WLAN

As a new network security technology, intrusion detection technology can detect sorts of malicious attacks in time and respond when the net system is endangered. It is a reasonable supplement to traditional security technology such as firewall, and belong one of the research hot of the computer networks. Along with the applications of the WLAN in-depth, the wireless LAN intrusion detection systems have received increasing attention.In the paper, after in-depth analysis of current WLAN security issues facing major problems, a new small distribution wireless intrusion detection system basing on linked layer is presented according to the characteristics of WLAN, and provides the system model architecture diagram and the main flow steps of the system model using the philosophy of the module design, and provides the implement of key models. The system is made up of the detection agent and the center of control, the detection agent includes the package collection model, the detection and analysis engineer model ,thd communication model. Each detection agent can run independently, and work in coordination and exchange information with each other.It is carried on unified management by the control center, which makes every agent in the system give full play to its own functions.It simplifies the complexity of data interchange among other agents. After an Intrusion characteristic libraries based on attacking behavior of the WLAN is builded and the Winpacap function is used to captures the wireless transmission data in the linded layer,and transfer the data package to the analysis engineer model. An AC automation matching algorithm to analyze characteristics of the libraries. The system can deal with the legality MAC frame in net layer, in this layer the IP package, TCP package and ICMP package is dealed with and analyzed mainly.It is proved by theory and small experiment that the new Intrusion detection system can real time detect the wireless network intrusion behavior of War Driving, Rogue AP and MAC address spoofing, and the new Intrusion detection system can also be used to protect the security of WLANS in some fields.