【摘要】：移動Ad Hoc網(wǎng)絡(luò)是一種無需基礎(chǔ)設(shè)施、自組織、網(wǎng)絡(luò)拓撲動態(tài)變化的無線多跳對等網(wǎng)絡(luò),具有快速組網(wǎng)、配置方便、成本低、抗毀性能好等優(yōu)點,近些年來,在戰(zhàn)術(shù)通信、商業(yè)及民用環(huán)境、搶險救災(zāi)等場合的應(yīng)用越發(fā)廣泛。然而,和其他網(wǎng)絡(luò)相比,正是由于其獨有的特性給移動自組網(wǎng)帶來了節(jié)點間協(xié)作、路由、安全等多種新問題。其中,選擇合適的路由及路由信息的維護是提供正常網(wǎng)絡(luò)服務(wù)的基礎(chǔ),對網(wǎng)絡(luò)拓撲的維護尤為重要。移動Ad Hoc網(wǎng)絡(luò)中任何終端都可能加入路由選擇過程,很容易遭受外部或內(nèi)部攻擊,因此路由安全研究是移動Ad Hoc網(wǎng)絡(luò)進一步發(fā)展的關(guān)鍵問題之一。作為入侵防御機制的加密、認證等技術(shù)雖然在自組網(wǎng)路由安全中廣泛應(yīng)用,對來自網(wǎng)絡(luò)內(nèi)部的攻擊卻無能為力,這就需要將行為檢測和響應(yīng)技術(shù)與之互為補充,共同保障路由安全。本文在對國內(nèi)外有關(guān)移動自組網(wǎng)安全路由及路由入侵檢測方面工作深入研究的基礎(chǔ)上,從如何有效檢測移動Ad Hoc網(wǎng)絡(luò)路由入侵行為,如何準確的響應(yīng)將惡意路由節(jié)點移除網(wǎng)絡(luò),提供可信度的路由環(huán)境角度進行了分析研究。通過參考有線和已有無線自組網(wǎng)的入侵檢測模型和方法,充分考慮到Ad Hoc網(wǎng)絡(luò)的無中心、自組織、拓撲隨機變化、有限能量等特性,本論文提出一種基于朋友機制的輕量級入侵檢測模型,來保障移動Ad Hoc網(wǎng)絡(luò)路由安全。該模型分兩層實現(xiàn),第一層為局部入侵檢測模塊,通過配置混合入侵檢測引擎快速識別初級朋友節(jié)點;第二層為全局檢測模塊,對初級朋友節(jié)點進行綜合檢測之后最終確定節(jié)點是否為真正的朋友節(jié)點,降低誤報率;最后根據(jù)投票機制生成各節(jié)點的信任等級�；诒疚奶岢龅娜肭謾z測模型,應(yīng)用AODV協(xié)議為移動自組網(wǎng)中兩種典型路由攻擊設(shè)計了檢測方案,并采用OPNET等軟件對方案進行了仿真分析,結(jié)果表明該方案能夠有效的檢測出攻擊,同時將本文檢測結(jié)果和已有模型的檢測結(jié)果做了比較,進一步驗證了本文提出的入侵檢測系統(tǒng)的可行性和有效性。
[Abstract]:Mobile Ad Hoc network is a kind of wireless multi-hop peer-to-peer network with no infrastructure, self-organization and dynamic change of network topology. It has the advantages of fast networking, convenient configuration, low cost and good survivability. In recent years, mobile Ad Hoc network has been used in tactical communication. Commercial and civil environment, emergency relief and other occasions are more widely used. However, compared with other networks, due to its unique characteristics, mobile ad hoc networks bring a variety of new problems, such as cooperation, routing, security and so on. Among them, choosing appropriate routing and maintaining routing information is the basis of providing normal network services, especially for the maintenance of network topology. Any terminal in mobile Ad Hoc networks may join the routing process and be vulnerable to external or internal attacks. Therefore, the research of routing security is one of the key issues in the further development of mobile Ad Hoc networks. As an intrusion prevention mechanism, encryption, authentication and other technologies are widely used in the Ad Hoc network routing security, but there is no way to attack from within the network, which needs to complement the behavior detection and response technology. Jointly guarantee routing security. On the basis of deep research on secure routing and routing intrusion detection in mobile ad hoc networks at home and abroad, this paper focuses on how to effectively detect routing intrusion behavior in mobile Ad Hoc networks and how to accurately respond to remove malicious routing nodes from the network. The reliability of the routing environment is analyzed. By referring to the intrusion detection models and methods of wired and existing wireless ad hoc networks, the characteristics of Ad Hoc networks such as centerless, self-organizing, random topology variation and finite energy are fully considered. This paper proposes a lightweight intrusion detection model based on friend mechanism to ensure routing security in mobile Ad Hoc networks. The model is implemented in two layers. The first layer is the local intrusion detection module, and the second is the global detection module by configuring the hybrid intrusion detection engine to quickly identify the primary friend nodes. After comprehensive detection of primary friend nodes, it is finally determined whether the node is a true friend node, and the false alarm rate is reduced. Finally, the trust level of each node is generated according to the voting mechanism. Based on the intrusion detection model proposed in this paper, the detection scheme for two typical routing attacks in Manet is designed by using AODV protocol, and the simulation analysis is carried out by using OPNET and other software. The results show that the proposed scheme can detect the attack effectively, and compare the detection results of this paper with those of the existing models, and further verify the feasibility and effectiveness of the intrusion detection system proposed in this paper.
【學位授予單位】：西安電子科技大學
【學位級別】：碩士
【學位授予年份】：2014
【分類號】：TN915.08

【相似文獻】

相關(guān)期刊論文 前10條

1 周亞建;楊義先;;無線Ad Hoc網(wǎng)絡(luò)的安全[J];中興通訊技術(shù);2007年05期

2 陳宇峰;向鄭濤;蔣偉榮;簡煒;;無線網(wǎng)狀網(wǎng)路由攻擊和路由安全研究進展[J];湖北汽車工業(yè)學院學報;2009年04期

3 陳天池;王培康;;MANET路由與路由安全問題[J];無線電工程;2006年06期

4 劉志遠;;無線傳感網(wǎng)絡(luò)中一種安全的LEACH協(xié)議[J];計算機應(yīng)用研究;2008年09期

5 李振汕;;DHT網(wǎng)絡(luò)路由安全問題研究[J];網(wǎng)絡(luò)安全技術(shù)與應(yīng)用;2011年03期

6 況曉輝,胡華平,呂世輝;移動Ad-hoc網(wǎng)絡(luò)安全[J];小型微型計算機系統(tǒng);2003年10期

7 王梅,吳蒙;MANET中常見的路由安全威脅及相應(yīng)解決方案[J];通信學報;2005年05期

8 季曉君;田暢;張毓森;;Ad hoc網(wǎng)絡(luò)路由安全[J];解放軍理工大學學報(自然科學版);2006年04期

9 羅俊海;范明鈺;葉丹霞;;MANET路由安全研究[J];計算機應(yīng)用研究;2008年01期

10 雷瑞林;;無線mesh網(wǎng)絡(luò)及其路由安全研究[J];網(wǎng)絡(luò)安全技術(shù)與應(yīng)用;2009年02期

相關(guān)會議論文 前1條

1 朱道飛;汪東艷;劉欣然;黨勁峰;隆克平;;無線ad hoc網(wǎng)絡(luò)路由安全的策略研究[A];2005通信理論與技術(shù)新進展——第十屆全國青年通信學術(shù)會議論文集[C];2005年

相關(guān)碩士學位論文 前9條

1 王晗;空間信息網(wǎng)路由安全機制在仿真平臺的實現(xiàn)[D];東北大學;2008年

2 高永康;VANET路由及路由安全研究[D];北京郵電大學;2011年

3 宋嘉燦;移動自組網(wǎng)路由安全及協(xié)議的研究[D];中南大學;2008年

4 章牧;域間QoS路由及其路由安全的研究[D];電子科技大學;2008年

5 陳鵬;無線Ad Hoc網(wǎng)絡(luò)路由安全研究[D];北京郵電大學;2010年

6 譚雄;無線Ad Hoc網(wǎng)絡(luò)路由安全協(xié)議的研究[D];南京郵電大學;2012年

7 周敬祥;Ad Hoc網(wǎng)絡(luò)路由安全和密鑰管理技術(shù)的研究[D];武漢理工大學;2006年

8 宋亞男;移動Ad Hoc網(wǎng)絡(luò)路由安全研究[D];南京郵電大學;2014年

9 王仙;基于朋友機制的移動Ad Hoc網(wǎng)絡(luò)路由入侵檢測技術(shù)研究[D];西安電子科技大學;2014年

，

本文編號：2149627