The Research Of The Distributed Intrusion Detection System In WLAN

Posted on: 2008-11-30
Degree: Master
Type: Thesis
Country: China
Candidate: C M Xing
Full Text: PDF
GTID: 2178360215472050
Subject: Computer application technology

Abstract/Summary:
In recent years, with the rapid development of information technology, the demand for network communication has grown: people want to communicate with anyone, at any time, anywhere and under any circumstances. As an important part of personal communication, WLAN is widely used because of its mobility, agility, flexibility and economy, and the security of wireless networks has become a focus of research. However, the security schemes and technologies of traditional network environments are not applicable to wireless networks, because of the openness of the wireless transmission medium, the mobility of wireless terminals, the dynamic topology, and the limited computation and storage capacity of wireless terminals. It is therefore necessary to explore security theory, methods and technology applicable to the wireless network environment.

The intrusion detection system (IDS), a newer kind of security technology that follows traditional ones such as firewalls and encryption, is used to detect illegal attacks on computer systems and network systems or, more broadly, information systems. Up to now, most IDSs target LANs, while those for WLANs are still experimental. IDSs need to be deployed to match the extensive application of WLAN and to meet the increasing need for WLAN security. Research on intrusion detection technology and methods applicable to WLAN will therefore provide a valid security guarantee for the development of national WLAN.

This work is part of the internal research project "Research and Development of the Distributed WLAN Security Detection and Management System" carried out by Shandong Computer Science Center. Its main research and innovations, building on the preceding work, are as follows:

(1) It summarizes the security threats and security demands of WLAN and analyzes the characteristics of those threats, on the basis of an analysis of the existing WLAN security technology.

(2) By analyzing the 802.11b protocol, it proposes several methods, based on protocol analysis statistics, for detecting WLAN security loopholes (channel disturbance, relative table overflow, Deauth flood attack, Rogue AP and so on), and applies them to the IDS designed in this paper.

(3) It analyzes the Snort-Wireless IDS in depth and summarizes its architecture and the implementation principles of its key modules. It improves some modules of Snort-Wireless according to the requirements of the system in this paper, which makes the system easier to port (for example, in the packet capture module, the original approach based on the Libpcap function library is replaced with a socket-based one; in the output module, some parts are removed and only the database mode is kept). In addition, it adds functions that address WLAN security threats, which widens the range of application (for example, a WEP decryption module is added so that the system can be applied to WEP-encrypted networks, and a security loophole detection module is added to make the system more powerful).

(4) It presents a DIDS model based on a three-level schema. On the basis of this model and the improved Snort-Wireless, it designs and implements a DIDS applicable to WLAN.

(5) It demonstrates the feasibility and validity of the designed DIDS by experiments.

(6) It discusses theoretically the flow allocation strategy of a parallel IDS, proposing a parallel flow allocation strategy and demonstrating its validity through experiments.
Keywords/Search Tags: WLAN, IDS, Distributed, Snort-Wireless, Flow Allocation