| Advancing automobile industry has brought us convenience, but it arises a lotof questions, too, such as urban traffic congestion, road traffic accidents, and traffic safety ininclement weather etc. As a special kind of mobile ad hoc network, Vehicular Ad hocNetworks (VANETs) of which vehicles are basic information units can ensure traffic safety,avoid road congestion and improve travel comfort by the real-time information interactingamong vehicles or between vehicle and roadside facility. However, for the characteristics ofhigh-speed mobile and frequent topology change, traditional security mechanisms can not besimply transplanted to VANETs. Broadly speaking, security mechanisms of VANETs aredivided into prevention-based and detection-based security mechanism. The prevention-basedsecurity mechanism refers to achieve access control with key management or authentication,while the detection-based security mechanism is mainly about intrusion detection. Typically,the prevention-based defense strategies become powerless once those malicious nodes havejoined in VANETs. Here, as a detection-based security mechanism, the intrusion detectiontechnology can be a good supplement. Intrusion detection system is a kind of networksecurity devices. It monitors the real-time network transmission. Once it finds suspicioustransmission, the system will raise the alarm or take active response measures.Anomaly-based and misuse-based intrusions are two most common classifications ofdetection system. For the effectiveness of the intrusion detection method is closely related tothe network structure and network characteristics, and relative literatures suggest that thecurrently intrusion detection system applicable to VANETs is quite rare. Therefore, thisthesis is a study on the anomaly detection method for VANETs. The main contributionincludes the following aspects:First, aiming the characteristics of VANETs, analyze and summarize the communicationperformance, the possible security threats of VANETs and the features of intrusion detectionmodel that VANETs should have.Second, propose a distributed intrusion detection model applicable to VANETs,including architecture, security policy, and intrusion detection process. This system realizesthe cooperate detection between vehicle nodes and the online learning function of anomalyfeatures in the environment of distributed network, reduces the complexity of traditionaldistributed intrusion detection system in VANETs where exist the characteristics ofhigh-speed mobile and frequent topology change, and improves the efficiency of learning.Finally, propose a local intrusion detection algorithm based-on improved Naive Bayes:use the method of equal-width-intervals discretizing continuous attributes; introduce Laplace smoothing to estimate unobserved probabilities of attacks from observed attacks; utilizehalf-life update method to continuously update the library of local characteristics. Theimproved algorithm effectively overcomes the limitations of unreasonable assignment forprobability and unhandled continuous attributes in data which appear in Naive Bayesalgorithm, so that the local intrusion detection system significantly reduces the false positiverate, under the premise of maintaining a higher detection rate and lower missed detection rate. |
PDF Full Text Request