Distributed intrusion detection for mobile ad hoc networks

Mobile ad hoc networking(MANET)has become an exciting and important technology in recent years,because of the rapid proliferation of wireless devices.Mobile ad hoc networks is highly vulnerable to attacks due to the open medium,dynamically changing network topology,cooperative algorithms,and lack of centralized monitoring and management point.The traditional way of protecting networks with firewalls and encryption software is no longer sufficient and effective for those features.A distributed intrusion detection approach based on timed automata is given.A cluster-based detection scheme is presented,where periodically a node is elected as the monitor node for a cluster.These monitor nodes can not only make local intrusion detection decisions,but also cooperatively take part in global intrusion detection.And then the timed automata is constructed by the way of manually abstracting the correct behaviours of the node according to the routing protocol of dynamic source routing(DSR).The monitor nodes can verify the behaviour of every nodes by timed automata,and validly detect real-time attacks without signatures of intrusion or trained data.Compared with the architecture where each node is its own IDS agent,the approach is much more efficient while maintaining the same level of effectiveness.Finally,the intrusion detection method is evaluated through simulation experiments.     

Distributed intrusion detection for mobile ad hoc networks

Mobile ad hoc networking （MANET） has become an exciting and important technology in recent years, because of the rapid proliferation of wireless devices. Mobile ad hoc networks is highly vulnerable to attacks due to the open medium, dynamically changing network topology, cooperative algorithms, and lack of centralized monitoring and management point. The traditional way of protecting networks with firewalls and encryption software is no longer sufficient and effective for those features. A distributed intrusion detection approach based on timed automata is given. A cluster-based detection scheme is presented, where periodically a node is elected as the monitor node for a cluster. These monitor nodes can not only make local intrusion detection decisions, but also cooperatively take part in global intrusion detection. And then the timed automata is constructed by the way of manually abstracting the correct behaviours of the node according to the routing protocol of dynamic source routing （DSR）. The monitor nodes can verify the behaviour of every nodes by timed automata, and validly detect real-time attacks without signatures of intrusion or trained data. Compared with the architecture where each node is its own IDS agent, the approach is much more efficient while maintaining the same level of effectiveness. Finally, the intrusion detection method is evaluated through simulation experiments.     

入侵诱骗模型的建立方案

网络攻击和入侵事件不断发生,给人们造成了巨大的损失,网络安全问题越来越成为社会关注的热点。Honeypot系统就是入侵诱骗技术中的一种,在网络安全中起着主动防御的作用。在分析了这种技术实现方式的基础上,形式化地定义了入侵诱骗系统,提出了入侵诱骗的体系结构,并给出了一个入侵诱骗系统的实现模型。     

Flooding attack and defence in Ad hoc networks

1 .INTRODUCTIONMobile Ad hoc Network is an autonomous system ofmobile nodes connected by wirelesslinks .It has sever-al salient characteristics ,such as Dynamic topologies ,Bandwidth-constrained,variable capacity links , Ener-gy-constrained operation,Li mited physical security[1].Due tothesefeatures ,mobile ad hoc networks are par-ticularly vulnerable to denial of service attackslaunchedthrough compromised node.In this paper , we present a new attack,theAd hoc Flooding Attack, which re…     

Decentralized network management based on mobile agent

The mobile agent technology can be employed effectively for the decentralized management of complex networks. We show how the integration of mobile agent with legacy management protocol, such as simple network management protocol (SNMP), leads to decentralized management architecture. HostWatcher is a framework that allows mobile agents to roam network, collect and process data, and perform certain adaptive actions. A prototype system is built and a quantitative analysis underlines the benefits in respect to reducing network load.     

无线传感器网络中多移动代理分组优化算法

在基于多移动代理的无线传感器网络中,源节点的编组方法是区别于单移动代理系统的核心研究问题。基于跳数的最小生成树原理,提出一种基于最小生成树算法的规划编组方式,通过对无向全连通图中边权值的测量和选取,简单而有效地控制网络中能量消耗与任务延迟间的平衡,从而获得高效的综合性能。最后通过大量的OPNET仿真实验验证了算法的可靠性。

Abstract：

In contrary to the single mobile agent system,the grouping methodology for source nodes is the key issue in multi-agent itinerary planning for wireless sensor networks.A novel approach was proposed based on hop-oriented minimum spanning tree.The scheme achieves flexible trade-off control between energy cost and task duration by dynamically selecting edge weights in the total connected graph.Extensive simulations have shown that the approach outperforms the existing works.     

TDMA体制下的移动自组织网时隙同步方法

在TDMA体制下的移动网状自组织网络中,为了解决网络时隙同步问题,提出了一种不依赖GPS授时的网络时隙互同步算法。各节点通过计算相邻节点的时隙偏差,通过加权计算并调整本节点的时隙位置,使网内各节点的时隙起始都调整到同一位置上,达到时隙的互同步。通过仿真和实验,分析并验证了移动自组织网络时隙互同步的收敛性能和抗干扰性能。     

一种保障移动智能体系统的安全模型

基于移动智能体的应用技术需要率先解决系统的基本安全问题,以支持其发展与成熟。鉴于传统的被动防御安全策略不能适应移动智能体技术应用的发展需要,提出了一种保障移动智能体系统安全的安全模型。按模型实现的原型系统能够主动识别并实时响应攻击行为。该系统还可利用端口映射的机制迷惑攻击者,起到代理服务器型防火墙的实际功效,这是对移动智能体系统安全解决方案的积极探索。     

基于多Agent的可控网络安全系统研究

移动安全Agent扫描各客户主机的漏洞,采集记录异常活动的审计日志,实现事前和事后的安全保障,但移动Agent自身的通信和迁移的安全性同样重要.首先结合硬件特征属性密钥和用户信息,实现基于Agent技术的多因素认证系统,在认证基础上,利用非对称加密技术和密钥管理,保障Agent通信和迁移的安全性.Agent作为软件,容易受到外部破坏,采用检测代理,通过Agent的协作,利用地址解析协议对网内节点的扫描,将广域网扫描机制转化为简单易行的内网扫描,从而保障客户主机中认证Agent的部署可靠性.实验结果表明,该系统效率高,可扩展性、通用性好.     

基于风险管理的入侵检测数据采样策略模型

基于网络的入侵检测系统通过详细分析计算机网络中传输的网络数据包进行入侵检测,由于检测速率与数据包采集速率不匹配,以及检测所需成本的限制,在收集用于检测的网络数据包时必须选择有效的采样策略。引入了博弈模型框架上的原始入侵数据包采样策略,在此基础上再进行分析和扩展。同时,讨论了原有单一采样策略的不足,引入风险管理的思想并通过具体的实例来分析在不同风险情况下的策略选择问题。     

基于自适应大数表决机制的容忍入侵模型

针对容忍入侵系统中自适应能力较差的问题,提出了一种基于自适应大数表决机制的容忍入侵系统模型。该模型采用了适当的复制技术和自适应大数表决技术,使系统即使在遭受到恶意攻志的情况下仍能安全、可靠地运行,并能有效地识别出有故障的复制品,从而达到了容忍入侵的目的。通过使用基于前几轮表决的历史记录,使得表决器表决出的输出值更准确、更可靠并能及时地移除掉有故障的复制品。分析表明,方案具有安全性强,可靠性高,系统性能好以及易于实现等优点,特别适应用于对系统安全性、可靠性、可生存性,以及系统效率要求较高的分布式环境中。     

无线传感器网络的自适应分簇组网算法研究

针对经典算法LEACH和HEED的不足,提出了一种能自适应分簇组网的优化算法。构建了节点信息权重模型,并借鉴邻节点信息交换的思想,在成簇过程中与探测范围内的节点交换权重信息,自适应完成分布式网络的簇首选举,并根据最小距离原则成簇。理论分析和仿真实验表明,该算法比LEACH和HEED算法选取的簇首及形成的簇结构更加合理,同时更有效地降低与均衡了网络的能耗,提高了传感器网络的生命周期。

Abstract：

A self-adaptive and optimized clustering algorithm was put forward according to the shortage of LEACH and HEED. The Heavy-weight model about nodes＇ messages was created,and the idea that neighbor nodes exchanged messages each other was used for reference. The nodes which were able to communicate with each other exchanged the Heavy-weight during making clusters,elect self-adaptively the cluster head in distributing networks,and made some clusters based on the minimum distance principle. The theoretic analysis and simulation results prove that the elected cluster head and cluster structure are more reasonable,the energy expenditure in networks is less,the longevity of networks is longer by the optimized algorithm compared to LEACH and HEED.     

高密度无线传感器网络分簇定位算法

节点自身定位是无线传感器网络应用的支撑技术之一。提出了一种适用于大规模高密度无线传感器网络的分簇定位算法。首先定义了节点的势作为簇首选举依据,网络中节点间的距离由接收信号强度和通信半径的关系间接计算得到,各簇内的拓扑信息由簇首保存,簇首利用线性规划法实现簇内相对定位;随后从sink节点开始逐步进行簇间位置融合,最终实现全网的绝对定位。相比集中式的凸规划定位算法,所提算法计算复杂度低、通信量小、定位精度高,且不需要预先知道环境中的信号衰减因子,有一定的抗噪声干扰能力。仿真结果显示,在节点按均匀网格分布和均匀随机分布两种情况下,所提算法能取得较好的定位效果。     

Multilevel security model for ad hoc networks

Modern battlefield doctrine is based on mobility, flexibility, and rapid response to changing situations. As is well known, mobile ad hoc network systems are among the best utilities for battlefield activity. Although much research has been done on secure routing, security issues have largely been ignored in applying mobile ad hoc network theory to computer technology. An ad hoc network is usually assumed to be homogeneous, which is an irrational assumption for armies. It is clear that soldiers, commanders, and commanders-in-chief should have different security levels and computation powers as they have access to asymmetric resources. Imitating basic military rank levels in battlefield situations, how multilevel security can be introduced into ad hoc networks is indicated, thereby controlling restricted classified information flows among nodes that have different security levels.     

基于元胞自动机的短信网络病毒传播模拟

针对短信网络内病毒传播行为的多样性特点,在研究短信网络生长过程及其拓扑结构的基础上,采用SEIR模型构造元胞自动机模拟方法,对病毒在短信网络内的传播过程进行了模拟仿真,并在此基础上研究了用户反应时间、预免疫与病毒变异对短信病毒传播的影响.实验结果表明,该自动机模型能较好地模拟短信网络中病毒的传播过程.同时针对病毒的传播特点提出了有效的防治策略.     

基于神经网络的异常入侵检测系统

针对神经网络检测器本身的网络结构和算法进行改造可获得好的性能,但无法从根本上解决误报率和漏报率等问题,通过对程序行为的深入研究,对程序行为进行动态建模,提出了一个应用BP神经网络检测器针对程序行为异常的入侵检测模型,从而更准确地发现程序行为的异常。通过Apache服务器为例论证其可行性。     

基于特征选取与树状Parzen估计的入侵检测

针对目前网络空间安全形势快速变化带来的新风险和新挑战, 提出一种基于相关性分析的特征选取和树状Parzen估计优化的入侵检测方法。首先, 通过基于相关性分析的数据特征选取方法对数据维度进行压缩。其次, 对原始数据集进行特征筛选, 生成新的特征子集。最终, 使用序列模型优化算法中的树状Parzen估计算法对随机森林算法进行模型优化。实验结果表明, 相比其他应用机器学习算法的入侵检测方法, 所提方法在提升综合性能的同时拥有更高的检测效率, 有效地提升了入侵检测技术的实用性。     

基于多智能体的自主移动机器人混合式体系结构

针对自主移动机器人系统的设计需求提出了一种基于多智能体的混合式体系结构,统一规划了机器人系统的软硬件结构,在该体系结构中设计并实现了硬件接口、慎思式和反应式三种智能体,提出使用多样化的信息组织形式,增强了系统的自适应能力和易扩展性。在具体的物理实现上采用了基于CAN总线的控制结构,并对各组成部分给出了详细的描述。测试结果证明了本移动机器人系统设计的可行性和高效性。     

无线网络中蠕虫传播模型的构建与仿真

基于无线网络环境提出了移动节点接触频率的计算方法,对无线蠕虫的传播原理进行了分析和研究,针对节点的移动性构建了简单无线网络蠕虫传播模型（SWM）。此模型较好地显示了节点通信半径、易感节点分布密度和节点运动速度等参数对蠕虫传播的影响。仿真实验结果证明了SWM模型理论与无线网络中预测命题的一致性。该模型精确地模拟了无线网络中蠕虫的传播规律,为采取有效措施防止无线蠕虫的大范围传播提供了理论依据。     

A distributed adaptive multi-hop certification authority schemefor mobile Ad Hoc networks

1.INTRODUCTION Amobileadhocnetwork(MANET)isanau tonomoussystemofmobilenodesconnectedbywire lesslinks,theunionofwhichformsacommunication networkmodeledintheformofanarbitrarycommu nicationgraph[1].Thesalientfeaturesofadhocnet worksposechallengesinachievingsecuritygoals.In wirednetworks,anadversarycannotattacknetworks untilitconnectswiredphysicallink.Bycontrary,an attackinwirelessnetworksmaycomefromanyloca tion.Thereforeadhocnetworksmustadoptdis tributedcertificationauthority(CA),otherwis…