簡易檢索 / 詳目顯示

回結果列表
研究生: 謝育霖
Yu-lin Hsieh
論文名稱: 無線隨意網路中增強安全路由協定之研究
A Study on Improving Securing Ad Hoc Routing Protocol with Intrusion Detection System
指導教授: 洪西進
Shi-jinn Horng
口試委員: 馮輝文
Huei-wen Ferng
梅興
Mei Hsing
蘇民揚
Ming-yang Su
學位類別: 碩士
Master
系所名稱: 電資學院 - 資訊工程系
Department of Computer Science and Information Engineering
論文出版年: 2006
畢業學年度: 94
語文別: 中文
論文頁數: 55
中文關鍵詞: 無線隨意行動網路入侵偵測系統攻擊網路安全
外文關鍵詞: mobile ad hoc network
相關次數: 點閱:218下載:0
分享至:
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報

    • 近年來數位行動裝置普及,加上政府大力推廣,越來越多人使用無線網路,透過手中的行動裝置,很容易就可以連上無線網路,也因為無線網路的便利,讓許多惡意的攻擊者有了新的管道,加上無線網路設計的固有缺陷,所以無線網路的安全問題在最近這幾年來是相當的重要。
    無線網路可以分為兩大種類,一種是需要基礎建設的架構,另一種則是不需要基礎建設的無線隨意行動網路(mobile ad hoc networks, MANETs),其中又以無線隨意網路最為容易使用。在本論文中,我們針對無線隨意網路的路由安全進行探討,並且介紹一個新的路由協定 SAODV ,這個新的路由協定可以加強無線網路安全,儘管此路由協定可以防禦修改路由封包 (control packet) 的攻擊,卻無法給予惡意的攻擊節點反抗,只能任由攻擊節點一直發送錯誤封包,干擾其他節點,此外 SAODV 路由協定還有些攻擊是防禦不了的。因此,我們提出了分散式的入侵偵測系統來協助 SAODV 進行防禦,比起在 AODV 上架設入侵偵測系統,使用 SAODV 能夠有基本的抵抗能力,可以減輕入侵偵測系統的負擔,讓系統專注於其他攻擊的偵測。

    In recent years, mobile appliances are in widespread use. Due to the popularizing wireless network by government, there are more people starting to utilize them.
    There are two categories in wireless network, i.e., infrastructure and ad hoc networks. Due to the infrastructure-less property of the ad hoc network, ad hoc network is more convenient, which makes the ad hoc networks get popular recently. To set up a securing wireless ad hoc network, we should focus on the routing protocol. A new and securing routing protocol, SAODV, can protect routing packets from being modified. However, there are some exploits in this protocol. In this paper, we propose an environment with built-in intrusion detection systems in order to get rid of these defects. We avoid some specific attacks by using securing routing protocol, and detect the others by using intrusion detection system. Therefore, the loading of intrusion detection system can be reduced so that the IDS could aim at detecting attacks.

    中文摘要 I 英文摘要 II 誌  謝 III 目  錄 IV 圖 目 錄 VII 第一章 緒論 1 1.1 前言 1 1.2 研究動機 1 1.3 研究目的 3 1.4 論文架構 3 第二章 相關文獻探討 5 2.1 無線隨意行動網路簡介 5 2.1.1 Proactive 路由協定 5 2.1.2 Reactive 路由協定 5 2.2 AODV 路由協定 6 2.2.1 AODV路由協定簡介 6 2.2.2 AODV路由協定的弱點分析 10 2.3 SAODV (Securing AODV) 路由協定 19 2.3.1 SAODV 路由協定簡介 19 2.3.2 SAODV 路由協定弱點分析 22 2.4入侵偵測系統 24 2.4.1系統類型 24 2.4.2分析技術 26 2.5無線隨意網路上的入侵偵測系統 27 第三章 無線隨意行動網路上的入侵偵測系統 29 3.1 系統架構 30 3.2 一般使用者節點 31 3.3 入侵偵測系統節點 31 3.4 黑白名單與封包過濾器 32 3.5 入侵偵測機制 33 第四章 實驗模擬與結果 41 4.1 模擬環境 41 4.2 入侵偵測節點分佈與偵測率之實驗 43 4.3 拓樸變更頻率與封包傳送到達率 45 4.4 連線吞吐量及封包到達率比較 46 4.5 結論 50 第五章 總結 51 參考文獻 53

    [1] A. Mishra, K. Nadkarni, and A. Patcha, “Intrusion Detection in Wire-less Ad Hoc Networks,” IEEE Wireless Communications, Vol. 11, Issue1, pp. 48-60, February 2004.
    [2] Asad Amir Pirzada, Chris McDonald, “Establishing trust in pure ad-hoc networks,” ACM International Conference Proceeding Series; Vol. 56, Proceedings of the 27th conference on Australasian computer science - Volume 26, pp.47-54, 2004.
    [3] Asad Amir Pirzada, Chris McDonald, “Kerberos assisted Authentication in Mobile Ad-hoc Networks, “ Proceedings of the 27th conference on Australasian computer science - Volume 26 CRPIT '04 , pp.41-46, January 2004.
    [4] B. Sun, K.Wu, and U. W. Pooch, “Alert Aggregation in Mobile Ad Hoc Networks,” Proceedings of the 2003 ACM Workshop on Wireless Security (WiSe'03) in conjuction with the 9th Annual International Conference on Mobile Computing and Networking (MobiCom'03), pp. 69-78,2003.
    [5] Baolin Sun, Hua Chen, and Layuan Li, “An Intrusion Detection System for AODV, “Proceedings of the 10th International Conference of Engineering of Complex Computer Systems, 2005.
    [6] C. E. Perkins and E. M. Royer, “Ad hoc on-demand distance vector routing,” in Proc. IEEE WMCSA '99, pp. 90-100, Feb. 1999.
    [7] C. E. Perkins, Royer, and S. Das, “Ad hoc on-demand distance vector (AODV) routing,” Internet Draft, draft-ietf-manet-aodv-13.txt, Feb. 2003.
    [8] C. Tseng, P. Balasubramanyam, C. Ko, R. Limprasittiporn, J. Rowe, and K. Levitt, “A specification-based intrusion detection system for AODV,” in Proc. ACM SASN '03, pp.125-134, 2003.

    [9] C.-Y. Tseng, P. Balasubramanyam, and C. Ko, et al, “A specification-based intrusion detection system for AODV,”, In ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN’03), VA, October 2003.
    [10] D. B. Johnson, and D. A. Maltz, “The Dynamic Source Routing Protocol for Mobile Ad Hoc Networks (Internet-Draft),” Mobile Ad-hoc Network (MANET) Working Group, IETF, October 1999.
    [11] G. Vigna, S. Gwalani, K. Srinivasan, E. M. Belding-Royer, and R. A. Kemmerer, “An intrusion detection tool for AODV-based ad hoc wireless networks, “ IEEE ACSAC '04, pp. 16-27, Dec. 2004.
    [12] IEEE, “Wireless LAN medium access control (MAC) and Physical layer (PHY) specifications, “ IEEE Standard 802.11, 1999 Edition, 1999.
    [13] J. Parker, J. Undercoer, J. Pinkston, A. Joshi, “On intrusion detection and response for mobile ad hoc networks,” in Proc. IEEE PCCC '04, pp. 747-752, Jun. 2004.
    [14] Keun-Ho Lee et al. “Authentication Based on Multilayer Clustering in Ad Hoc Networks,” EURASIP Journal on Wireless Communications and Networking 2005:5, pp.731–742, May.2005.
    [15] Liang Qin, Thomas Kunz, “Pro-active route maintenance in DSR,”ACM SIGMOBILE Mobile Computing and Communications Review Volume 6 , Issue 3, pp.79-89, July 2002.
    [16] M. G. Zapata, N. Asokan, “Securing ad-hoc routing protocols,” in Proc. ACM WiSE '02, pp. 1-10, Sep. 2002.
    [17] Mathias Bohge, Wade Trappe, “An Authentication Framework for Hierarchical Ad Hoc Sensor Networks,” Proceedings of the 2003 ACM Workshop on Wireless Secu-rity (WiSe'03), pp.79-87, Sep. 2003.
    [18] P. Brutch and C. Ko, “Challenges in Intrusion Detection for Wireless Ad-hoc Networks,” Proceedings of 2003 Symposium on Applications and the Internet Workshop, pp. 368-373, January 2003.
    [19] P. Ning and K. Sun, “How to misuse AODV: a case study of insider attacks against mobile ad-hoc routing protocols,” in Proc. IEEE Information Assurance Workshop '03, pp. 60-67, Jun. 2003.
    [20] Rajiv K. Nekkanti, Chung-wei Lee, “Trust based adaptive on demand ad hoc routing protocol,” ACM Southeast Regional Conference archive Proceedings of the 42nd annual Southeast regional conference, pp88-93, 2004.
    [21] S. Buchegger and J. Le Boudec, “Performance Analysis of the CONFIDANT Protocol (Cooperation Of Nodes - Fairness In Dynamic Ad-hoc NeTworks),” Proceedings of the 3rd ACM International Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc'02), pp. 226-336, June 2002.
    [22] Tiranuch Anantvalee, Jie Wu, “A Survey on Intrusion Detection in Mobile Ad Hoc Networks,” Wireless/Mobile Network Security, pp.170-196, 2003.
    [23] Y. Bai and H. Kobayashi, “Intrusion detection systems: technology and development,” in Proc. IEEE AINA '03, pp. 710-715, Mar. 2003.
    [24] Y. F. Jou, F. Gong, C. Sargor, X. Wu, S. Wu, H. Chang, and F. Wang,”Design and Implementation of a Scalable Intrusion Detection System for the Protection of Networks Infrastructure,” Proceedings of DARPA Information Survivability Conference and Exposition, Vol. 2, pp. 69-83, January 2000.
    [25] Y. Zhang, W. Lee, and Y. Huang, “Intrusion Detection Techniques for Mobile Wireless Networks,” ACM/Kluwer Wireless Networks Journal (ACM WINET), Vol. 9, No. 5, September 2003
    [26] The network simulator - ns-2, http://www.isi.edu/nsnam/ns/
    [27] Wi-Fi Alliance's WPA page, http://www.wi-fi.org/opensection/protected_access.asp
    [28] 台北市網路新都 - http://www.healthcity.net.tw/

    無法下載圖示 全文公開日期 2011/08/04 (校內網路)
    全文公開日期 本全文未授權公開 (校外網路)
    全文公開日期 本全文未授權公開 (國家圖書館:臺灣博碩士論文系統)
    QR CODE