Research And Simulation On Intrusion Detection Mechanism Based On Behavior Of Nodes In Hierarchical Ad Hoc Networks

As a kind of centreless, self-organized networks, Ad Hoc networks becomes a hotspot, because it has inherent advantages such as ease of setup and mobility and it is suitable for various special occasions. With the expansion of application and scale of networks, hierarchical network have been played more and more attention to. In hierarchical Ad Hoc networks, cluster header and gateway which take on the majority tasks compose of backbone network, it is vulnerable to be attacked due to its unique characteristics. Therefore the security question becomes an important problem to be solved.According to the characteristics and safety requirements of hierarchical Ad Hoc networks, an intrusion detection mechanism based on the behavior of nodes is proposed, consisting of four models, node behavior model, data collection, intrusion detection and intrusion response. Depending on the behavior of nodes dealing with different packets in routing protocol, a standard behavior model of nodes is established. In data collection model the behavior of nodes are monitored and collected by the mobile agent. Then related information of node behavior is periodically extracted and matched with the standard behavior model to distinguish the misbehavior nodes by cluster header, and furthermore, to locate attacking nodes using fuzzy method in intrusion detection model. The response model limits the harm of attacking activities to the network by a series of actions, such as black list, isolation and routing reconstruction so as to guarantee the normal communication.Detecting performance and network performance confronted with attacks are simulated in network simulator software for intrusion detection mechanism based on the node behavior. Both in the static and dynamic environment, the simulation results show that this security mechanism can rapidly detect attacking nodes in a network, with the low false arm rate. And the network shows good routing performance after joining the intrusion detection mechanism which effectively protects security and stability of hierarchical Ad Hoc networks.