隨著近年來無線網路的技術逐漸成熟，加上各種行動應用裝置、筆記型電腦的普及化，無線網路已漸漸遍布於我們生活周遭。對惡意攻擊者而言，藉由無線網路入侵系統，亦成為了新的攻擊管道，加上網路攻擊技術一再創新，無線網路安全威脅日趨嚴重，對於在無線網路上安全防護研究，變成一個非常迫切、重要的課題。在無線網路中，我們可以略分為兩大種類，一種是需要基礎建設的架構，另一種則是不需要基礎建設的無線隨意行動網路（Ad Hoc Network)。由於無線隨意行動網路不需要基地台設施的特性，具有相當方便性，近年來也越來越被普遍地使用。所以為了要提供一個較為安全的無線隨意行動網路，不只要利用加密機制對封包進行加密，還可利用認證的概念，來進一步確認無線網路用戶的身份。更甚者，可在每位用戶上安裝一個入侵偵測系統（Intrusion Detection System），用來偵測出進行惡意攻擊之入侵節點，並做出回應，以減低其所可能造成的傷害。在本碩士論文中，我們著重在設計一個入侵偵測系統，並且提出一個以有限狀態機（Finite State Machine）結合支援向量機（Support Vector Machines）為基礎的入侵偵測系統，用來對無線隨意行動網路的網路行為進行分析。我們透過有限狀態機做第一層判斷，過濾出攻擊節點；對於未能明確判斷是否為攻擊的封包，則擷取出特徵值，並透過支援向量機訓練出來的模型，來做第二層的檢驗，檢查網路行為是否為正常。透過這個入侵偵測系統，我們可以保障正常用戶的使用權及資料安全，如此一來隨取無線網路的安全性也能夠被增加。

With the rapid development of wireless network technologies and the popularization of various kinds of mobile devices, wireless networks have become pervasive in our daily life nowadays. Wireless networks definitely provide an opportunity for malicious attackers to intrude or attack the system. Hence, wireless integrity becomes a very important task. In general, we can divide the wireless network into two categories, i.e., infrastructure and ad hoc networks. Due to the infrastructureless property of the ad hoc network, one of merits of the ad hoc network is convenience, which makes the ad hoc networks get popular recently. However, to set up a secured wireless ad hoc network, we should not only adopt the technique of encryption to ensure the confidentiality and privacy and the technique of authentication to avoid the illegal access to the network, but also equip each node with an intrusion detection system to detect malicious attackers so that some proper responses can be taken to reduce possible damage. In this thesis, we focus on the intrusion detection and shall propose an intrusion detection system that integrates the finite state machine (FSM) and a support vector machine (SVM) to analyze traffic patterns of wireless ad hoc networks. FSM is employed at the first stage of the detection system to find out attack nodes. Once FSM fails to determine whether the node is an attacker or not, SVM is then used at the second stage of the detection system by extracting characteristics from packets for training a suitable model. With such an intrusion detection system, usage of normal users and security of the wireless ad hoc network can be easily enhanced.

[1] S. Axelsson, “Intrusion detection systems: a taxonomy and survey," Tech. report no. 99-15, Dept. of Comp.Eng., Chalmers Univ. of Technology, Sweden, Mar. 2003.
[2] Y. Bai and H. Kobayashi, “Intrusion detection systems: technology and development," in Proc. IEEE AINA '03, pp. 710--715, Mar. 2003.
[3] S. Bhargava and D. P. Agrawal, “Security enhancements in AODV protocol for wireless ad hoc networks," in Proc. IEEE VTC '01, vol. 4, pp. 2143--2147, Oct. 2001.
[4] H. Deng, Q. A. Zeng, D. P. Agrawal, “SVM-based intrusion detection system for wireless ad hoc networks," in Proc. IEEE VTC '03, vol. 3, pp. 2147--2151, Oct. 2003.
[5] S. J. Hashim, K. Jumari, and M. Ismail, “Computer network intrusion detection software development," in Proc. IEEE TENCON '00, vol. 3, pp. 117--123, Sep. 2000.
[6] IEEE, “Wireless LAN medium access control (MAC) and Physical layer (PHY) speci_cations," IEEE Standard 802.11, 1999 Edition, 1999.
[7] T. Joachims, SVM Light, http://svmlight.joachims.org/
[8] O. Kachirski, R. Guha, “Intrusion detection using mobile agents in wireless ad hoc networks," in Proc. IEEE KMN '02, pp. 153--158, Jul. 2002.
[9] S. Mukkamala, G. Janoski, and A. Sung, “Intrusion detection using neural networks and support vector machines," in Proc. IEEE IJCNN '02, vol. 2, pp. 1702--1707, May 2002.
[10] P. Ning and K. Sun, “How to misuse AODV: a case study of insider attacks against mobile ad-hoc routing protocols," in Proc. IEEE Information Assurance Workshop '03, pp. 60--67, Jun. 2003.
[11] The network simulator ns-2, http://www.isi.edu/nsnam/ns/
[12] J. Parker, J. Underco_er, J. Pinkston, A. Joshi, “On intrusion detection and response for mobile ad hoc networks," in Proc. IEEE PCCC '04, pp. 747--752, Jun. 2004.
[13] C. E. Perkins and E. M. Royer, “Ad hoc on-demand distance vector routing," in Proc. IEEE WMCSA '99, pp. 90--100, Feb. 1999.
[14] C. E. Perkins, Royer, and S. Das, “Ad hoc on-demand distance vector (AODV) routing," Internet Draft, draft-ietf-manet-aodv-13.txt, Feb. 2003. (work in progress).
[15] C. Tseng, P. Balasubramanyam, C. Ko, R. Limprasittiporn, J. Rowe, and K. Levitt, “A speci_cation-based intrusion detection system for AODV," in Proc. ACM SASN '03, pp.125--134, 2003.
[16] V. Vapnik, “The nature of statistical learning theory. springer," 1995.
[17] G. Vigna, S. Gwalani, K. Srinivasan, E. M. Belding-Royer, and R. A. Kemmerer,“An intrusion detection tool for AODV-based ad hoc wireless networks," in Porc. IEEE ACSAC '04, pp. 16--27, Dec. 2004.
[18] S. Yi, P. Naldurg, and R. Kravets, “Security-aware ad hoc routing for wireless networks," in Proc. ACM MobiHoc '01, pp. 299--302, Oct. 2001.
[19] M. G. Zapata and N. Asokan, “Securing ad-hoc routing protocols," in Proc. ACM WiSE '02, pp. 1--10, Sep. 2002.
[20] Y. Zhang and W. Lee, “Intrusion detection in wireless ad hoc networks," in Proc. ACM MobiCom '00, pp. 275--83, Aug. 2000.
[21] Y. Zhang, W. Lee, and Y. Huang, “Intrusion detection techniques for mobile wireless networks," in Proc. ACM WINET '03, vol. 9, no. 5, pp. 545--556, Sep. 2003.
[22] L. Zhou and Z. J. Hass, “Securing ad hoc networks," IEEE Network Magazine, vol. 13, no. 6, pp. 24--30, Nov.--Dec. 1999.