Research On Technology Of Intrusion Detection For Mobile Ad Hoc Networks

The nature of mobile ad hoc network makes it very vulnerable to an adversary's intrusions and attacks, and yet many of the proven security measures in a fixed wired network turn out to be ineffective in mobile ad hoc network. The technology of intrusion detection presents a second wall of defense and has become the hotspot of research on mobile ad hoc network.Firstly, this thesis analyzes the challenges that the technology of intrusion detection faces in mobile ad hoc network along with the features and security status of mobile ad hoc network. After typical models of intrusion detection for mobile ad hoc network have been analyzed and researched, the model of cluster-based distributed intrusion detection system,"CBD-IDS"is put forward. In this model, nodes are divided into cluster heads, assistant cluster heads and common members by the function of intrusion detection. Common members are charged with a spot of tasks such as local detection. Cluster heads are charged with management of the whole cluster and more complex tasks of intrusion detection such as cooperative detection and neighboring nodes detection besides local detection. Assistant cluster heads are designed for monitoring and detecting the actions of cluster heads. This design can ensure the efficiency of detection, reduce the overhead of detection and enhance the reliability of detection system to a certain extent.The design approach of how to generate clusters is an important part of research on cluster structure. This thesis puts forward a method to generate clusters based on the reliability of cluster head and the stability of cluster structure in the model of CBD-IDS. The reliability of cluster head means cluster head election depends on the reliability grade of nodes. That is to say, the one whose reliability grades are greater than the election threshold can take part in the election. The meaning of the stability of cluster structure is to elect the node whose relative mobility is the lowest in nodes taking part in election. The definition and algorithm of the reliability grade and the relative mobility of nodes are presented. The proposed method of cluster generation is compared with the lowest ID algorithm in terms of average number of clusters and the number of cluster head changes in the simulation by NS2.In addition, attacks from malicious nodes of inner network have become an important problem. The design of CBD-IDS model presents the technology of neighboring nodes detection based on the reliability grade of nodes combining with matching rules, which deals with detecting and locating the malicious nodes. The thesis brings forward the principle and process of the technology of neighboring nodes detection, as well as the mechanism of updating and maintaining the reliability grade of nodes in the process of detection and design of matching rules. Simulation of neighboring nodes detection is based on academic analysis according to actual attacks. The result of simulation indicates that the technology of detection based on the reliability grade of nodes can make up the limitation while using matching rules solely.The reliability grade of nodes in this thesis is a general metric which is able to evaluate nodes. It can be used for detecting intrusions and attacks directly, as well as selecting out the nodes that have desired grades of validity and security to carry out relevant functions in CBD-IDS model.The intrusion detection model proposed in this thesis lays a foundation for the realization of better intrusion detection system in the future.