CAJ | 학술논문

将无线局域网媒体接入控制(MAC)层字段作为检测入侵的分析对象,提出了基于隐马尔可夫模型(HMM)的无线局域网MAC层入侵检测方法.采用了基于控制台、服务器、代理的3层分布式无线局域网入侵检测框架;基于HMM模型对无线局域网的MAC帧头部进行建模;利用正常的无线局域网络数据对HMM进行训练,并记忆正常系统下的数据包行为.由此,检测发现了出现概率小的数据包或数据包序列,并制定了入侵检测阈值.试验结果表明,所提方法对已有的无线局域网MAC层攻击的误报率和漏报率比较低,并能检测未知攻击.
장무선국역망매체접입공제(MAC)층자단작위검측입침적분석대상,제출료기우은마이가부모형(HMM)적무선국역망MAC층입침검측방법.채용료기우공제태、복무기、대리적3층분포식무선국역망입침검측광가;기우HMM모형대무선국역망적MAC정두부진행건모;이용정상적무선국역망락수거대HMM진행훈련,병기억정상계통하적수거포행위.유차,검측발현료출현개솔소적수거포혹수거포서렬,병제정료입침검측역치.시험결과표명,소제방법대이유적무선국역망MAC층공격적오보솔화루보솔비교저,병능검측미지공격.
The packet field of wireless local area network(WLAN)medium access control (MAC)layer is taken for the analytical object of detecting intrusion.An intrusion detection method of WLAN MAC layer iS proposed based on the hidden Markov model(HMM).A three layers frame including console,server and agents is given;the data of WLAN MAC layer is used to model the HMM:then the normal data of WLAN iS used to train the HMM and to memorialize the normal action of WLAN.An intrusion will be detected when the occuring probability of a packet data or a sequence of packet data is smaller than a given threshold.Experimental results show that the proposed method has low false positive rate and missing report rate when detecting the known attacks on WLAN MAC layers,and also detects unknown attacks.