Research Of Ad Hoc Distributed Cooperative Intrusion Detection System (ADC_IDS) Security Communication Mechanism

Ad Hoc network is a non-central control, highly dynamic topology, multi-hop communications, self-organizing network. It relies on mutual cooperation between the nodes to form a network in the mobile and complex wireless environments. Its applications are very broad, involving many aspects of life, such as military areas, disaster relief situations, and wireless sensor networks. According to its ability, Ad Hoc network is more vulnerable to attack, and many security technologies (such as firewalls, etc.) applied on cable network is not suitable for this network. In order to improve the safety of Ad Hoc network, the intrusion detection technology is applied to Ad Hoc network. However, the traditional intrusion detection method is intended for cable network or non-reciprocal cellular network, and it can not be applied in Ad Hoc network. Thanks to the feature of Ad Hoc network, the intrusion detection method applied in Ad Hoc network must be related to collaboration and communication technologies. At present, research of the Ad Hoc network intrusion detection system (IDS) is still in its infancy, some of the existing research methods are not mature, and either has its own deficiencies, or is still in the theoretical research stage, especially lack the research of the Ad Hoc network cooperative intrusion detection communication mechanism. The current research work also focused on the architecture and detection algorithm areas.In this paper, the Ad Hoc distributed cooperative intrusion detection system (ADC_IDS) based on Agent method is designed based on the profound study of the existing Ad Hoc intrusion detection method and referring to the IDS architecture proposed by reference literature [4]. The paper mainly focuses on the design of security communication mechanism between the Agent, and in the Linux environment, using the C language to implement security communications module.During the design process of security communication mechanism, a variety of technologies are applied: (1) Referring to intrusion detection message exchange format, an Ad Hoc intrusion detection message data model is designed using object-oriented technology to describe the news of intrusion detection data, and XML language is used to formally describe them; (2) An end-to-end application layer Ad Hoc intrusion detection security communication protocol is designed based on block extensible exchange protocol framework and combined with XML encryption technology. To complete the intrusion detection message transmission, a safe and transparent tunnel mechanism based on TCP / IP protocol is used; (3) Based on Ad Hoc multicast routing protocol, "one to many" data transfers during the Agent collaborative communication is achieved.Finally, we run a test containing four stationary hosts. The results show that the security communication mechanism is feasible. In order to further verify that whether the application of multicast technology will bring the burden to large-scale Ad Hoc network environment, we use OPENT simulation software to simulate an Ad Hoc network containing 50 mobile nodes, analyze the three aspects of the Agent network performance: packet delivery ratio, average delay, protocol overhead. The results show that the application of multicast technology in large-scale Ad Hoc network environment dose not bring burden to the network, but maintain good network performance in the whole communication process.