Intrusion Detection Techniques for Mobile Ad Hoc Networks

移动自组织网络的入侵检测技术

• 批准号: 0311024
• 负责人: Wenke Lee
• 金额: $ 27.5万
• 依托单位: Georgia Tech Research Corporation
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2003
• 资助国家: 美国
• 起止时间: 2003-08-15 至 2007-07-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=0311024&HistoricalAwards=false
• 关键词: Intrusion; Detection; Techniques; Mobile; Ad

Proposal Number: 0311024TITLE: Intrusion Detection Techniques for Mobile Ad Hoc NetworksPI: Wenke LeeAbstract:A mobile ad hoc network (MANET) is formed by a group of mobile wireless nodes often without the assistance of fixed or existing network infrastructure. A MANET is very vulnerable to attacks because of its characteristics of open medium, dynamically changing network topology, lack of centralized monitoring and management point, and lack of computing resources and (battery) power. This research focuses on developing intrusion detection capabilities for a MANET.A distributed intrusion detection architecture is investigated. Each MANET node can be the monitoring node for itself, or a cluster of neighboring MANET nodes can elect a monitoring node for the neighborhood. A detection agent runs on each monitoring node to detect local intrusions and collaborates with other agents to investigate the source of intrusion and coordinate responses. This research develops a learning-based algorithm that can automatically compute detection models based on the correlations among a large set of features. For efficiency, a cascaded detection scheme is studied where simple and energy efficient models can first filter out the vast amount of normal data so that the more complex and energy consuming models only need to analyze a small amount of suspicious data.The novel intrusion detection architecture and algorithms in this research will be valuable to not only MANET but also other existing and future technologies.

提案编号：0311024TITLE：移动自组网入侵检测技术PI：李文科摘要：移动自组网(MANET)是由一组移动无线节点组成的，通常不需要固定或现有的网络基础设施的帮助。移动自组网具有介质开放、网络拓扑动态变化、缺乏集中监控管理点、计算资源和(电池)电量不足等特点，极易受到攻击。本研究着眼于开发MANET的入侵检测能力，研究了一种分布式入侵检测体系结构。每个MANET节点可以是其自身的监控节点，或者相邻MANET节点的集群可以为邻居选举监控节点。检测代理运行在每个监控节点上以检测本地入侵，并与其他代理协作以调查入侵的来源并协调响应。本研究开发了一种基于学习的算法，该算法可以根据大量特征之间的相关性自动计算检测模型。为了提高检测效率，研究了一种简单、节能的级联检测方案，其中简单、节能的模型可以首先过滤掉海量的正常数据，从而使更复杂、更耗能的模型只需要分析少量的可疑数据，该研究的新颖的入侵检测体系结构和算法不仅对MANET具有参考价值，而且对其他现有和未来的技术也具有参考价值。