The Research Of Intrusion Detection System Of WLAN Based On HMM

Wireless LAN with mobility, simple installation, high flexibility and expansibility, as an extension of wired networks, has been widely used in many areas. With the wireless LAN solution continuously arising, the goal of that one can be online regardless of when and where easily been realized. Wireless LAN technology has brought us great convenience, but also posed a great security risk. As a result of the openness of wireless LAN transmission medium, and wireless LAN standards and other factors of vulnerability, wireless LAN can be easily attacked by intruders. Security has become one of the largest obstacle to the development of wireless LAN. Intrusion detection technology is an effective way to resist the intrusion of wireless LAN. There are differences between wired network and wireless network, so wired network intrusion technologies can not be directly applied to wireless LAN.The research of wireless LAN intrusion detection technology are less. Therefore more suitable for wireless LAN intrusion detection technology is needed.In this paper, the Hidden Markov Model is applied to the wireless LAN infrastructure in intrusion detection the by the analysis of the basic principles of Hidden Markov Model and the study of wireless LAN standards. The packets of wireless LAN are used for modeling; the normal data of wireless LAN is used to train the Hidden Markov Models that memory the normal system behavior WLAN packets. A intrusion will be detected, when the probability of packet data or the sequence of packet data is smaller than a given threshold. Experimental results show that the method has a lower rate of false and undetected rate. In this paper, the main work and contribution are as follows:1) Study and analyze the wireless LAN intrusion detection technology and Hidden Markov Model's basic theory.2) An intrusion detection method of infrastructure wireless LAN based on Hidden Markov Model is proposed. Observer value is determinate by partition of wireless LAN Packets. Through the analysis of 802.11 frame, the basic model, ADR-HMM model, FC-HMM model, DI-HMM model and the SC-HMM model are established.3) The wireless LAN Intrusion Detection model is established, including WLAN packet capture modules, packet analysis module, pre-processing module, Hidden Markov Model training module, Hidden Markov Model anomaly detection module. 4) Distributed Wireless LAN Intrusion Detection System is designed, including a wireless analysis terminal, the management server and console.5) A real Distributed wireless LAN Intrusion Detection experiment platform is built, and simulating attacks can been implemented to test the models.This paper is supported by the National 863 Program of China: Security Management and Analytical System of Wireless Local Area Network (2007AA01Z428)...