
Title: A Study on Intrusion Detection Systems Based on Back-Propagation Network for MANET

Original title: 適用於MANET環境下的倒傳遞類神經網路之入侵偵測系統之研究

Advisor: 邵敏華

Abstract


An intrusion detection system (IDS) is essential equipment for maintaining network security. However, compared with a wired network environment, deploying intrusion detection in a Mobile Ad Hoc Network (MANET) faces more difficulties: there is no centralized monitoring point of the kind a wired network has; the behavioural difference between normal and malicious nodes is not obvious; and mobile devices have only limited energy and bandwidth, while an IDS consumes a great deal of both during detection. This study applies the non-linear mapping capability of the Back-Propagation Network (BPN) to design an IDS for the MANET environment. Through off-line training, the collected packet data are processed in batches to reduce resource consumption, and the weights and biases are adjusted adaptively to achieve the goal of machine learning. In on-line testing, the weights and biases updated by off-line learning serve as the detection basis, allowing the IDS to separate normal from abnormal behaviour even when their distinguishing features are not obvious. This approach differs from misuse detection with a finite state machine (FSM), which relies on known attack signatures as its detection basis; instead, it extracts feature vectors from the AODV header for classification, so that unknown abnormal behaviour can also be detected and analysed afterwards, thereby strengthening network security. To verify that the system can counter insider attacks in a MANET, the simulation experiments use a sequence-number modification attack and a packet-drop attack as test cases and, to contrast anomaly detection with misuse detection, compare the system's performance with an FSM. The experimental results show that BPN, having the ability to learn from feedback, yields better detection results than the FSM; that the detection results do not vary greatly with the amount of data, demonstrating the stability of the IDS; and that the detection error rate falls as node connectivity degree increases but rises as the maximum node speed increases.

Abstract (English)


Intrusion Detection Systems (IDS) are essential safeguards of network security. However, compared with the wired network environment, intrusion detection in a Mobile Ad Hoc Network (MANET) environment faces many more difficulties. A MANET has neither infrastructure nor a centralized audit point. Moreover, it is hard to differentiate between normal nodes and malicious nodes. At the same time, mobile devices have limited energy, yet an IDS spends a lot of energy and bandwidth on detection. In this study, we employ the non-linear mapping of a Back Propagation Network (BPN) to design an IDS architecture suitable for MANET. In off-line training, to reduce the cost of resources, packets are collected and processed in batches, and we adjust weights and biases adaptively to achieve the goal of machine learning. In on-line testing, the off-line trained model serves as the detection basis. Moreover, this paper uses the adaptability of BPN, adjusting to the dynamic MANET environment, so that abnormal behaviours can be distinguished from normal behaviours by their characteristics. Unlike misuse detection systems based on a Finite State Machine (FSM), which use known attack signatures for detection, our method extracts a feature vector from the AODV header for identification. Unknown types of attack can thus be classified efficiently, detected, and kept for later analysis. Therefore, it protects the security of the MANET. In order to validate that the system has a good defence capability against internal attacks, the simulation uses a sequence number attack and a packet drop attack as tests. To distinguish anomaly detection from misuse detection, we make a performance comparison with an FSM. The experimental results show the following. BPN has the ability to learn from feedback, so its detection results are better than those of the FSM. There is little discrepancy in the results when the amount of data changes, so the IDS performs well in stability. Moreover, as the connection degree increases, the detection error rate drops; however, when the maximum speed of the mobile nodes increases, the detection error rate rises.
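As an added worked example (not code from the thesis), the following script shows the off-line/on-line scheme the abstract describes in miniature: a back-propagation network with one hidden layer is trained in batch on labelled feature vectors, then used on-line to label unseen vectors, beside a single-signature check that stands in for the FSM misuse detector. The two features, the constructed training rows, the network size and the training parameters are all assumptions; the thesis derives its feature vector from the AODV header, and that extraction step is not reproduced here.

```python
"""Toy back-propagation network (BPN) anomaly detector for AODV traffic.

Added illustration only; this is not the thesis's code. The thesis extracts
feature vectors from the AODV header; here that step is replaced by two
hypothetical, already-normalised per-node features:
  x1: relative jump in the destination sequence number a node advertises
  x2: fraction of data packets received by the node that it did not forward
The training and test rows below are constructed by hand, not simulator output.
"""
import math
import random

# Constructed training batch: ([x1, x2], label) with 1 = abnormal, 0 = normal.
TRAINING_BATCH = [
    ([0.02, 0.05], 0), ([0.05, 0.10], 0), ([0.10, 0.02], 0),
    ([0.08, 0.12], 0), ([0.15, 0.08], 0), ([0.04, 0.15], 0),
    ([0.85, 0.05], 1), ([0.95, 0.10], 1), ([0.90, 0.15], 1),  # sequence-number attack
    ([0.05, 0.90], 1), ([0.10, 0.80], 1), ([0.12, 0.95], 1),  # packet-drop attack
]

# Constructed on-line test set with feature values not seen in training.
TEST_SET = [
    ([0.06, 0.07], 0), ([0.12, 0.10], 0),
    ([0.88, 0.08], 1), ([0.07, 0.88], 1),
]


def sigmoid(z):
    z = max(-60.0, min(60.0, z))  # clamp so exp() cannot overflow
    return 1.0 / (1.0 + math.exp(-z))


class BPN:
    """One hidden layer of sigmoid units, trained by batch back-propagation."""

    def __init__(self, n_in, n_hidden, seed=7):
        rng = random.Random(seed)  # fixed seed so the run is reproducible
        self.w1 = [[rng.uniform(-1, 1) for _ in range(n_in)] for _ in range(n_hidden)]
        self.b1 = [0.0] * n_hidden
        self.w2 = [rng.uniform(-1, 1) for _ in range(n_hidden)]
        self.b2 = 0.0

    def forward(self, x):
        h = [sigmoid(sum(w * xi for w, xi in zip(row, x)) + b)
             for row, b in zip(self.w1, self.b1)]
        y = sigmoid(sum(w * hj for w, hj in zip(self.w2, h)) + self.b2)
        return h, y

    def train_offline(self, batch, epochs=4000, lr=1.0):
        """Off-line batch learning: accumulate gradients over the whole batch,
        then update weights and biases once per epoch. Cross-entropy loss is
        used, so the output error term reduces to y - t."""
        n = len(batch)
        for _ in range(epochs):
            g_w1 = [[0.0] * len(r) for r in self.w1]
            g_b1 = [0.0] * len(self.b1)
            g_w2 = [0.0] * len(self.w2)
            g_b2 = 0.0
            for x, t in batch:
                h, y = self.forward(x)
                d_out = y - t                                  # error at the output unit
                for j, hj in enumerate(h):
                    d_hid = d_out * self.w2[j] * hj * (1.0 - hj)  # error propagated back
                    g_w2[j] += d_out * hj
                    g_b1[j] += d_hid
                    for i, xi in enumerate(x):
                        g_w1[j][i] += d_hid * xi
                g_b2 += d_out
            for j in range(len(self.w2)):
                self.w2[j] -= lr * g_w2[j] / n
                self.b1[j] -= lr * g_b1[j] / n
                for i in range(len(self.w1[j])):
                    self.w1[j][i] -= lr * g_w1[j][i] / n
            self.b2 -= lr * g_b2 / n

    def loss(self, batch):
        """Mean cross-entropy over a batch (lower is better)."""
        eps = 1e-12
        total = 0.0
        for x, t in batch:
            y = self.forward(x)[1]
            total -= t * math.log(y + eps) + (1 - t) * math.log(1 - y + eps)
        return total / len(batch)

    def classify(self, x, threshold=0.5):
        """On-line test: label 1 (abnormal) if the learned output exceeds the threshold."""
        return 1 if self.forward(x)[1] >= threshold else 0


def fsm_signature_detect(x, seq_jump_threshold=0.5):
    """Stand-in for a misuse-detection FSM that knows one signature only: an
    abnormally large sequence-number jump. It has no rule for packet dropping."""
    return 1 if x[0] > seq_jump_threshold else 0


def build_detector():
    """Off-line phase: train the BPN on the constructed batch and return it."""
    model = BPN(n_in=2, n_hidden=4)
    model.train_offline(TRAINING_BATCH)
    return model


def detection_error_rate(detect, samples):
    """Fraction of samples that the given detector labels incorrectly."""
    wrong = sum(1 for x, t in samples if detect(x) != t)
    return wrong / len(samples)


if __name__ == "__main__":
    det = build_detector()
    print("training loss:", round(det.loss(TRAINING_BATCH), 4))
    print("BPN error rate:", detection_error_rate(det.classify, TEST_SET))
    print("FSM error rate:", detection_error_rate(fsm_signature_detect, TEST_SET))
```

Running the script trains for a fixed number of epochs and then prints the training loss and the error rate of each detector on the constructed test set; the signature check misses the packet-drop row because it has no signature for it, which is the gap that anomaly detection is meant to close. The learning rate, epoch count, hidden-layer size and seed are chosen for this toy data and are not values taken from the thesis.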

