Chen Guanlin,Feng Yan,Wang Zebing

DOI: https://doi.org/10.3969/j.issn.1000-0801.2010.10.014

2010-01-01

Abstract:Nowadays wireless intrusion prevention systems have become the research hotspot with the fast development of WLAN.In this paper,we first introduce the common attack methods for WLAN,and then present the framework of the wireless IPS with a distributed pre-decision engine,which can predict the future actions and direct active responses to these actions.We implement an improved model with extended detection rules for conducting intrusion plan and making pre-decision,by gathering wireless device information and importing supporting degree of intrusion plan in plan recognition.Experimental results showed that the distributed pre-decision engine can not only improve wireless intrusion detection and prevention performance,also reduce false negatives and false positives evidently.

Da-Wen Huang,Fengji Luo,Jichao Bi,Mingyang Sun

DOI: https://doi.org/10.1109/tifs.2022.3191491

IF: 7.231

2022-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Deploying Intrusion Detection Systems (IDSs) is an essential way to enhance the security of Multi-hop Clustered Wireless Sensor Networks (MCWSNs). The conventional IDS deployment architectural designs show limitations in ensuring the security of MCWSNs due to the limited monitoring range of the nodes. This paper proposes an efficient IDS deployment architecture for MCWSNs. The architecture is a hybrid design, in which the cluster heads and the sink collaboratively act as IDS agents to monitor the entire network and perform intrusion detection. Based on the new architecture, this paper proposes a resource allocation model to optimally allocate resources among the IDS agents so that the network’s security metric can be maximized. A comprehensive analytical framework is proposed to analyze the optimality of the model’s solution, and an efficient computational approach is developed to obtain the optimal resource allocation strategy. Extensive numerical simulation and comparison studies are conducted to validate the proposed method.

Hongjian Li,Ming Xu,Yi Li

DOI: https://doi.org/10.1109/CISIS.2008.42

2008-01-01

Abstract:The architecture and characteristic of wireless mesh networks (WMN), as well as the significance of intrusion detection system (IDS) in its application were investigated. Based on the embedded analyzing of IDS technologies in ad hoc network and WLAN (wireless local area network), combined with the security requirements in WMN itself, it is concluded that both the architecture of distributed and cooperative IDS in ad hoc network and distributed IDS in WLAN can not be applied directly in WMN. A new architecture of asymmetric distributed and cooperative IDS for WMN based on the application of agent was proposed in the paper. This new architecture of IDS in WMN was then simulated by the attack detection of IEEE 802.11 MAC selfish behavior in NS2, using the IDS selfish behavior attack detection model ground on the judgment mechanism of double mode, which was also brought forward. The result of the simulation shows that the given new architecture of asymmetric distributed and cooperative IDS and the IDS selfish behavior attack detection model fitted WMN well.

李宏建,徐明,李洋

DOI: https://doi.org/10.3969/j.issn.1007-130x.2009.07.004

2009-01-01

Abstract:The architecture and characteristics of Wireless Mesh Networks (WMN),as well as the significance of the intrusion detection system (IDS) in building secure WMNs are investigated.Based on an in-depth analysis of the IDS technologies in ad hoc networks,the technologies of cross-layer,and trouble shooting,a new architecture of asymmetric,distributed and cooperative IDS with the technologies of trouble shooting and cross-layer for WMNs based on the application of agents are proposed in the paper,and the design principle of the agent modules are analysed in detail ulteriorly.Finally,this new architecture of IDS in WMNs is simulated by the attack detection of the MAC selfish behavior in NS2.The result of simulation shows that the given new architecture of IDS fits WMNs well.

张可,吴瑜,刘乃琦,贾海涛

DOI: https://doi.org/10.3969/j.issn.1002-137x.2009.03.077

2009-01-01

Computer Science

Abstract:For the hidden troubles of current electricity information networks,introduced a design of new architecture of intrusion detection system based on IXA with three protection-layers for electricity information networks.Combining the detections based on hosts and networks,this architecture provided integrative multilayer protection for electricity information networks,just like the biologic immunity system.This architecture uses the network processor as its analysis engine for the high speed and powerful programmable multiprocessing characteristic of Intel IXP.This architecture has more flexible and extensible characteristics.

Xiaoyan Cai

2008-01-01

Abstract:This paper first analyzed the main features of the wireless sensor network;then set forth the most common intrusion detection architectures of wireless sensor network;and studied typical algorithms emphatically,as well as presented their advantages and disadvantages in detail.Finally,addressed some valuable directions for further research.

Lu Taohong,Liu Jiayong

DOI: https://doi.org/10.3969/j.issn.1009-6833.2006.10.038

2006-01-01

Abstract:The paper starts with an analysis of the techniques of WLAN in existence, including a common work model and some security mechanisms referenced in its standard.Then it brings about the problem of WLAN standard to security.To offset the defects in security,a WLAN intrusion detection system is designed,followed by realization of every nodule in the system.

Chen Min

2002-01-01

Abstract:In recent years, intrusion detection systems, being the important part of the information security system, have gained extensive attentions. Many different intrusion detection technologies come into being. This paper presents an architecture of Intrusion Detection Systems (IDS) based on autonomous agents. The distributed architecture paves the way in that IDSes can avoid the single point failure of the distributed systems, balance the system load and improve the efficiency, to meet the requirements of modern computer and network technologies.

王文奇,郑秋生,吴婷,李伟华

DOI: https://doi.org/10.16208/j.issn1000-7024.2008.14.070

2008-01-01

Abstract:At present intrusion detection system(IDS) in high-speed network is a main point in security domain.The main problem and various restricted factors IDS faced in high-speed network is analyzed,and involved researches such as zero-copy technique and fast pattern matching model is introduced too.Finally,the distributed intrusion detection system based data-distribution is figured out as a good measure,and some remaining problems and emerging trends in this area is presented.

. C. Ioannou,V. Vassiliou,S. M. Kasongo,Y. Sun,Y. Xiao,C. Xing,T. Zhang,Aman deep Kaur,Prakash Rao Ragiri,H. Alipour,Y. B. Al-Nashif,P. Satam

2020-01-01

Abstract:The threat of cyber intrusion is progressively high and harmful. Intrusion Detection Systems (IDS) provides the ability to identify security breaches in a system. A security breach will be taking any action based on the owner of the system believes unauthorized. Attacks in Wireless Networks (WNs) aim in limiting or even eliminating the ability of the network to perform its expected function. WNs are networks with limited resources and often deployed in uncontrollable environments that an intruder can easily access. WN attacks target specific network layer’s vulnerabilities but normally affect other layers as well. Network layer should be monitored and evaluated in order to detect possible malicious intervention. In this research, a general methodology of an anomaly-based Intrusion Detection System is proposed and evaluated the proposed system using routing layer attacks in Ad-hoc Distance Vector Routing (AODV) protocol and IDS is able to detect malicious activity and our solution delivered the packets to the receiver in a new route without discarding.

张勇

DOI: https://doi.org/10.3969/j.issn.1007-757x.2009.08.004

2009-01-01

Abstract:Security is one of the most important issues of wireless sensor networks (WSNs), because of the open-access of wireless link, the limited survival circle, dynamic topology changing. The traditional security strategy based on firewall takes a little of effects .The IDS that acts as an initiative defending method, has become a hot approach to security. This paper analyzes the current status of IDS, builds a model that could handle the multi-object、multi-attacker、multi-level attack, improves the probability of succeeding in defending attack, extends the whole networks survival cycle.

李涛,胡爱群

DOI: https://doi.org/10.3969/j.issn.1009-8054.2008.12.064

2008-01-01

Abstract:As the extension of wire networks,Wireless Local Area Network is becoming more and more popular.Meanwhile it brings so many information security problems in the field of government affairs and official business.This paper presents the framework of a WLAN safety detecting system,this system is characterized by capturing wireless data packets in the air,analyzing WLAN communication protocols and timely discovering security problems.This paper describes the methods for discovering and probing the WLAN device.Experiment prove tests proved that this system could effectively monitor the security characters of the WLAN devices and locate their positions,and thus provide security for WLAN.

Vasaki Ponnusamy,Mamoona Humayun,N. Z. Jhanjhi,Aun Yichiet,Maram Fahhad Almufareh

DOI: https://doi.org/10.32604/csse.2022.018518

IF: 4.397

2021-01-01

Computer Systems Science and Engineering

Abstract:Internet of Things (IoT) devices work mainly in wireless mediums; requiring different Intrusion Detection System (IDS) kind of solutions to leverage 802.11 header information for intrusion detection. Wireless-specific traffic fea-tures with high information gain are primarily found in data link layers rather than application layers in wired networks. This survey investigates some of the com-plexities and challenges in deploying wireless IDS in terms of data collection methods, IDS techniques, IDS placement strategies, and traffic data analysis tech-niques. This paper's main finding highlights the lack of available network traces for training modern machine-learning models against IoT specific intrusions. Spe-cifically, the Knowledge Discovery in Databases (KDD) Cup dataset is reviewed to highlight the design challenges of wireless intrusion detection based on current data attributes and proposed several guidelines to future-proof following traffic capture methods in the wireless network (WN). The paper starts with a review of various intrusion detection techniques, data collection methods and placement methods. The main goal of this paper is to study the design challenges of deploy-ing intrusion detection system in a wireless environment. Intrusion detection sys-tem deployment in a wireless environment is not as straightforward as in the wired network environment due to the architectural complexities. So this paper reviews the traditional wired intrusion detection deployment methods and dis-cusses how these techniques could be adopted into the wireless environment and also highlights the design challenges in the wireless environment. The main wireless environments to look into would be Wireless Sensor Networks (WSN), Mobile Ad Hoc Networks (MANET) and IoT as this are the future trends and a lot of attacks have been targeted into these networks. So it is very crucial to design an IDS specifically to target on the wireless networks.

Xu Nan,He Yijun,Chen Songqiao

DOI: https://doi.org/10.3321/j.issn:1671-4598.2007.04.001

2007-01-01

Abstract:A distributed intrusion detection system model based on Agent is brought up by analyzing the existed Agent-based IDS.It builds up a DIDS model by adopting the method of distributed detection,distributed processing and thinking of multi-Agent.It also realizes the different function unit with Agent,describes all the composed parts of DIDS model,and analyzes the function design and implement prin- ciple in Agent.Though the theories and systems associated with Agent wait to be improved,in the future,the development of IDS will focus on an Agent-based detection framework because of distributed characteristic of network and developing network applications.

F Zhu,JT Zhou,WJ Pei,TJ Wang

DOI: https://doi.org/10.1109/icnnsp.2003.1281200

2003-01-01

Abstract:As wireless is more and more popular in this world, wireless local area network (WLAN) based on IEEE802.11 has been achieving great development. This paper introduces a method to design and implement access control system on Linux operating system. The Access Control (AC) system allows the user access Internet if he or she has passed authentication and monitors the user's action by intrusion detection system (IDS). At the same time, the network address translator (NAT) technology can defense outer network attack. Therefore, the system can not only resist the outer attack but also the inner intrusion.

Yuyang XUE,Hao ZHOU,Baohua ZHAO

DOI: https://doi.org/10.3321/j.issn:0253-987X.2009.10.011

2009-01-01

Abstract:Aimed at the problem that the vulnerable wireless local area network (WLAN) 802.1X protocol is not susceptible to replay and DoS (denial of service) attacks, etc, an informal method is introduced to analyze the security properties of 802.1X protocol. The method classifies attack behaviors according to the ability of attackers, and from the aspect of the role which attackers can play in the protocols (i.e., imitating normal protocol behavior or breaking normal communication). Then a new method, WLAN active testing, is proposed. Attacks to the protocol running mainbody are implemented by simulating the actions of the attacker which can be used to make up protocol messages. The results are used to determine whether the protocol security vulnerabilities exist or not. Testing results show that the method combines characteristics of both the attacker and the tester to cover some known protocol security vulnerabilities, and has the ability to reveal some potential problems.

Yan Chen

2014-01-01

Abstract:Traffic anomalies and attacks are commonplace in today’s networks, and identifying them rapidly and accurately is critical for large network operators. It was estimated that malicious code (viruses, worms and Trojan horses) caused over $28 billion in economic losses in 2003, and will grow to over $75 billion in economic losses by 2007 [11]. Meanwhile, the broadband wireless networks, represented by the emerged IEEE 802.16 standards, is gaining its popularity and will be seamlessly integrated into the current Internet. Such high-speed wireless network may even be connected to the regional backbone directly to construct the wireless metropolitan-area network (MAN). Thus such wireless network will be exposed to all the attacks, viruses and worms in the current Internet. Like the 802.11 wireless LAN, 802.16 network is facing scrutiny on its security mechanisms. Driven by customers’ security awareness and demand, intrusion detection and security management tools become essential part of current 802.11 product offering suite. Although there are a lot of existing 802.11 intrusion detection products, they mostly target to detect denial-of-service attacks caused by the WEP authentication vulnerability, e.g., Airespace [6]. Existing IDSs for wired network have various shortcomings when they are applied to broadband wireless MAN as discussed below [5, 10, 13–15, 17, 20]. Furthermore, there is little intrusion detection research done tailored to 802.16 and beyond 3G. First, they are mostly host-based and not scalable to high-speed networks. However, nowadays rapid propagation of viruses/worms can infect most vulnerable machines in the Internet in only ten minutes [12], and even 30 seconds with advanced techniques [18]. Thus it is crucial to identify such outbreaks in their early phases, which can only be possibly achieve d by detection at the base stations or routers provided by the network infrastructures instead of at end hosts [23]. In fact, it is very hard to implement certain detection techniques, such as those for port scanning, at end hosts. The end hosts, especially for wireless devices, may have various weak computational/power limits to do advanced detection. Thus to augment the wireless MAN infrastructure with accurate intrusion detection and mitigation system can significantly attract the subscribers. However, the existing schemes are not scalable to the link speeds and number of flows for high-speed 802.16 wireless MAN as illustrated below. Second, they are mostly signature-based and unable to adaptively recognize flow-level unknown attacks. Most of them can only detect known attacks with signatures, but not unknown new attacks. Also, attackers can easily evade such IDSs by garbling signatures. Statistical IDSs are therefore proposed to detect anomalous behaviors [2, 7, 8, 21, 22]. To enable accurate detection and attack mitigation, the detection needs to be executed at flow level. Given a spoofed TCP SYN flooding attack sending 40-byte packet streams to a 802.16 network which can provide up to 134Mbps bandwidth, each packet may be considered as a flow, and even to record 10-minute traffic in memory for analysis will take more than 4GB. Thus existing flow-level schemes themselves are vulnerable to attacks [7, 13, 14]. In addition, the statistical parameters are often manually set, and hard to adapt to the traffic pattern changes. However, wireless networks often have transient connections which makes it a big challenge to differentiate collisions, interference, and real attacks. Third, they cannot differentiate malicious events from the unintentional anomalies. Such unintentional anomalies may be caused by network element (e.g.base stations, routers or links) faults. The statistical IDS cannot tell it from malicious attacks, and thus have high false positive rates.

Novarun Deb,Manali Chakraborty,Nabendu Chaki

DOI: https://doi.org/10.48550/arXiv.1108.6010

2011-08-31

Abstract:An Intrusion Detection System (IDS) detects malicious and selfish nodes in a network. Ad hoc networks are often secured by using either intrusion detection or by secure routing. Designing efficient IDS for wireless ad-hoc networks that would not affect the performance of the network significantly is indeed a challenging task. Arguably, the most common thing in a review paper in the domain of wireless networks is to compare the performances of different solutions using simulation results. However, variance in multiple configuration aspects including that due to different underlying routing protocols, makes the task of simulation based comparative evaluation of IDS solutions somewhat unrealistic. In stead, the authors have followed an analytic approach to identify the gaps in the existing IDS solutions for MANETs and wireless mesh networks. The paper aims to ease the job of a new researcher by exposing him to the state of the art research issues on IDS. Nearly 80% of the works cited in this paper are published with in last 3 to 4 years.

Cryptography and Security

WANG Yu-liang,WEN Wei-min,ZHAO Sh

DOI: https://doi.org/10.3969/j.issn.1674-3326.2013.02.018

2013-01-01

Abstract:The influence elements and features of wireless sensor networks security are analyzed.Typical case attack and defense strategy are compared.Intrusion detection model of wireless sensor networks is researched,typical case intrusion detection algorithms are compared and analyzed.And problems to be solved and development direction of wireless sensor networks security are discussed.

Chen, Y.W.,Xia, Y.X.,Zhou, F.,Tian, X.

DOI: https://doi.org/10.1049/cp:20030589

2003-01-01

Abstract:This paper surveys and assesses the technology feasibility and readiness for the application of WLAN in the context of iSCS environment. Major concerns that impact the success of WLAN based iSCS are addressed by surveying solutions from the current spectrum of wireless technology offerings and assessment of their capability to meet iSCS requirements. The paper discusses the WLAN based iSCS configuration. The design of the wireless IEDs is presented with a new bridge configuration proposed. Some practical issues in WLAN based iSCS are highlighted.