以支援向量機與約略集合為基礎在隨意式無線網路中具多重類型攻擊之入侵偵測方法

由於無線網路帶來的方便性、快速性、行動性，使得安全性成為使用者所關注的議題之一。無線網路攻擊手法中，大多與有線網路的攻擊型態相似，不過無線網路攻擊必需要考慮在開放式的空間下，無線環境比起有線網路封閉迴路系統風險較大。如何建構無線網路入侵偵側系統，讓使用者可以更安全的傳輸資料，更是一大重要的議題。目前已有許多學者提出相關的無線網路入侵偵測方式，但在偵測上仍有精確度及執行效能的問題，亦或只能針對單種類的入侵手法作偵測，無法達到全面性的防禦。本研究提出隨意無線網路的入侵偵測系統，以NS-2軟體模擬網路傳送並抓取網路傳送封包內容，接下來將所處理之特徵值輸入支援向量機(Support Vector Machine, SVM)訓練成模型，再以支援向量機訓練之後的模型分析新的攻擊封包。最後實驗設計針對AODV與DSR兩種通訊格式做比較，分析不同的入侵偵測之效能。因此，透過本研究中所提出以可防禦多種類型攻擊建置的系統，簡稱NPFAIDS(Network Protocol Features Analysis Intrusion Detection System)，可達成下列目標(1)利用支援向量機建置入侵偵測分析模型(2)建置AODV與DSR網路入侵行為資料庫模型(3)利用約略集合理論降低入侵偵測分析的資料維度，提高偵測的時間及執行效能(4)可防禦多種類的入侵攻擊行為。

關鍵字

約略集合；隨意式無線網路；入侵偵測系統；支援向量機；異常偵測

並列摘要

In recent years, the wireless technology will bring the convenience, fast and with mobility for human daily life. So, the security issues of wireless networks become very important for users. The attack techniques of mobile ad hoc networks are similar traditional wired networks but the attack of wireless network is in the open space. Wireless system will have higher risk than traditional wired networks. How to build an intrusion detection system to provide a safety environment for user is an important issue. In recent years, many researchers have proposed numbers of methods for intrusion detection but those methods still have some drawbacks such as the low detection precision rate, poor execution efficiency, or detection methods can only prevent type of single attack. Current intrusion detection methods cannot defense the attacks comprehensively. In the thesis, we propose a mobile ad hoc network intrusion detection system. The intrusion detection system is using NS-2 simulator to simulate MANET environment. The support vector machine (SVM) is leaded in intrusion detection system. The SVM will train and output a model which can detect several types of attack. We simulate environment to evaluate the performance of intrusion detection system which bases on AODV and DSR transmission protocols. In brief, this study includes: (1) build an intrusion detection modules by support vector machine; (2) design a stable AODV and DSR routing protocol intrusion behavior database in MANET; (3) enhance the rough set theory to decrease analysis data and increase executing performance; (4) defend the multi-attacks behavior of MENAT.

並列關鍵字

Mobile ad hoc network ； Rough Set Theory ； Anomaly Detection ； Support Vector Machine ； Intrusion detection System

參考文獻

[1] R. Agarwal and M.V. Joshi, (2001), “PNrule: A New Framework for Learning Classifier Models in Data Mining (A Case-study in Network Intrusion Detection),” Proceedings of First SIAM Conference on Data Mining.

[3] V. Bhuse and A. Gupta, (2006) “Anomaly intrusion detection in wireless sensor networks,” Journal of High Speed Networks, Vol. 15, pp 33-51.

[4] M. Brownfield, G. Yatharth and N .Davis, (2005) “Wireless Sensor Network Denial of Sleep Attack,” Proceeding of the 6th Annual IEEE SMC, pp. 356-364.

[5] A. Chadha, Y. Liu and S. K. Das (2005), “Group Key Distribution via Local Collaboration in Wireless Sensor Networks,” Second IEEE Sensor and Ad Hoc Communications and Networks, pp. 46-54.

[6] W. H. Chen, S. H. Hsu and H. P. Shen (2005), “Application of SVM and 54 ANN for intrusion detection,” Computers & Operations Research, Vol. 32, pp. 2617-2634.

國際替代計量

以支援向量機與約略集合為基礎在隨意式無線網路中具多重類型攻擊之入侵偵測方法

主題瀏覽