作　　者： ; ;

机构地区： 中山大学信息科学与技术学院电子与通信工程系

出　　处： 《计算机科学》 2009年第11期75-78,共4页

摘　　要： Ad hoc网络由于采用无线信道、有限的电源和带宽、分布式控制等,会比有线网络更易受到入侵攻击。通常的入侵检测技术具有检测能力单一、缺乏对抗新入侵方式的能力等缺陷。在分布式入侵检测系统(IDS)的基础上,提出一种针对移动节点网络行为的异常检测机制。基于多层综合的观测值序列,采用隐半马尔可夫模型(HSMM)建立描述网络中合法节点正常行为的检测模型,继而对网络中的正常与异常行为进行判断与识别。实验表明,此方法能针对现有多种入侵方式进行有效的检测。 Mobile Ad hoc Networks are very vulnerable to malicious attacks due to the nature of mobile computing environment such as wireless communication channels, limited power and bandwidth,dynamically changing and distributed network topology, etc. The general existing Intrusion Deteetion Systems （IDS） have provided little evidenee that they are applicable to a broader range threats. Based on the generalized and cooperative intrusion detection architecture proposed as the foundation for all intrusion detection, we presented an anomaly detection mechanism to discriminate the illegitimate network behaviors of mobile nodes. By collecting the observation sequences of multiple protocol layers, Hidden semi-Markov Model （HSMM） was explored to describe the network behaviors of legitimate nodes and to implement the anomaly detection for various malicious attacks. We conducted extensive experiments using the ns-2 simulation environment to evaluate and validate our research.

关 键 词： 网络 入侵检测系统 异常检测 隐半马尔可夫模型

领　　域： [自动化与计算机技术] [自动化与计算机技术] [自动化与计算机技术] [自动化与计算机技术]