| With the increasing application requirement of Wireless Mesh Network(WMN) in network construction, the security of WMN becomes increasingly prominent, it has become a hot research subject in the field of network security. Intrusion Detection System(IDS) as an active network security defending technology, plays a very important role in the network security monitoring system. Therefore, it mainly researches the distributed network intrusion detection method for WMN.On the basic of researching and analyzing WMN structure and communication characteristics, a Region-Coverage based Distributed Intrusion Detection(RCDID) model was proposed against on the problems in the existing WMN intrusion detection methods. Firstly, in order to satify the requirement of distributed intrusion detection for WMN, a distributed network intrusion detection solution base on Snort was proposed, the Snort rule files have been grouped into several rule modules base on the dependency of rules and the rule files to preprocessors. Then, a Regional Coverage Optimization(RCO) algorithm was proposed for promoting intrusion detection rate, which nodes can locally decide which detection modules they should load, the distribution of detection modules in the same monitoring region can be optimised by simple communication mechanism among monitoring nodes, and realizing the core modules on the foundation of the design for RCO algorithm functions. Comparing with other intrusion detection mothed theories, RCDID model is better able to satisfy the detection demands of resource-constrained and large-scale WMN.Finally, a simulation experiment was designed for validating the feasibility of RCDID, and the performance of RCDID model under different network conditions were calculated by adaptive evaluation experiment. Experimental results demonstrate that RCDID has higher intrusion detection rate and memory utilization comparing with existing methods, and it has better adaptability and scalability in different scale networks. |
PDF Full Text Request