Design And Simulation Of Intrusion Detection System In Wireless Mesh Network Based On Social Network Analysis

Wireless Mesh Network (WMN) is anticipated to resolve the limitations and to significantly improve the performance of existing wireless networks. Due to its properties of dynamically self-organized and self-configured, as well as in a fast, simple and low cost way to build, WMN has a large variety of applications in personal, local, campus, and metropolitan areas. However, the characteristics of multi-hoping and flexible topology structure also bring numbers of security problems to the WMN, making it more vulnerable. As an initiative and real-time defense, intrusion detection system (IDS) should be an important part of the security guarantee for WMN.Current IDSs in WMN can not satisfy the needs of low overhead, good precision, and real-time property well. Aiming at solving the problems mentioned above, an IDS in WMN based on social network analysis (SNA) is proposed in this thesis. It focuses on developing a monitoring nodes selection algorithm, a feature extraction method and an anomaly detection scheme combined with clustering and support vector machine (SVM).There are few researches on selecting monitoring nodes in IDS as well as the effects on detection accuracy, overhead and network throughput. In this thesis, a method of selecting monitoring nodes based on SNA is firstly proposed to direct at these issues. To find a set of nodes with minimized size acting as monitoring nodes, whose influence can cover all of the nodes in the network, graph theory is used. Since the nodes assigned to the same cluster based on SNA have stronger connections as well as smaller topological distance, the IDS can reduce redundant detection overhead, improve realtime property and gain more effective information simultaneously. Simulation results show that selecting monitoring nodes in the proposed method makes IDS provide better network throughput and lower total overhead.In order to ensure realtime property and precision when detecting, an anomaly detection scheme combined with clustering and SVM is proposed in this thesis. At the beginning, for the sake of improving the accuracy of detection, feature extraction based on information gain ratio (IGR) method is used to remain the features that play most important part in distinguish attacks. On the basis of feature extraction, an clustering algorithm named Davies-Bouldin Index based on partition and density (DBI-PD) algorithm is proposed for data clustering pre-processing, making the samples with similar properties assemble in the same cluster. Finally, so as to reduce the time of constructing support vector, this thesis selects samples in the clustering regions near the boundary of different samples as a new training samples set for SVM, through the proposed neighboring area sample reduction method. Simulation results show that the proposed anomaly detection scheme can effectively improve real-time property and accuracy of detection.