| With the rise of wireless network technology, people are now in Wireless LAN everywhereand everytime, it is now part of people’s daily life and work, or even a kind of survival style.Network security technology cannot keep up with the current pace of network development, thetechnology cannot guarantee the safety of using network. Although the traditional wired networkintrusion detection technology has been well developed, but the wired network intrusion detectionis mainly focused on the network layer or above of the OSI Reference Model and the WirelessLAN attacks are concentrated in MAC layer certification and associated protocols, so it is notsuitable directly apply to the Wireless LAN, So the development of Wireless LAN securitytechnology is imminent. As a trend, researches of the Wireless LAN intrusion detection havebecomea hot spotbetween theexpertsandscholars.This thesis studies on the Wireless LAN security detection which was based on the analysis ofWirelessLANsecurity protocol.Andthekeycontributions areas follows:First of all,this thesis introduces the basic concept of Wireless LAN, in the full analysis ofthe security protocol, based on the understanding of the basis for its authentication and encryptionprocess, its weaknesses and vulnerable to attack also be pointed out. Then, a variety of WirelessLAN attacks were analyzed and compared, the research direction of this thesis also has been putforward.Secondly, the existing network intrusion detection technology had been introduced in thethesis. The intrusion detection system and the definition of generic intrusion detection model wasintroduced, and then the intrusion detection systems were classified according to the data sourceand detection methods, and the advantages and disadvantages of each type of detection technologyalsodescribed.Finally, an improved D-S evidence theory had been put forward. The algorithm tookadvantage of the distributed intrusion detection system, with the Snort-wireless deployment in thenetwork intrusion detection system. The use of intrusion detection software was to monitor theWireless LAN; intrusion detection node in the detection of abnormal behavior will be reported tothe decision nodes. And then, D-S evidence theory analyzes the credibility of the alarminformation to make the decision on whether to notify the network administrator or not. Accordingto the traditional defects of D-S evidence theory, then an improved intrusion detection algorithmwas processed. Firstly, by using the network packet with attacks to train the detection nodes to obtain the accuracy of the detection nodes, and then, the accuracy of the detection node will besubmitted to the decision node, in order to help the decision node to make the decision uponreceiving alarm information. And finally use the theory of evidence synthesis to produce a finalresult.Experiment results that the improved D-S Evidence Theory can well protect the WirelessLAN security, meanwhile producing far less number of alarm information than directly usingSnort-wireless,reducingthefalsealarmratetodecreasethe workloadofthenetworkadministrator. |
PDF Full Text Request