西安交通大学学报
西安交通大學學報
서안교통대학학보
JOURNAL OF XI'AN JIAOTONG UNIVERSITY
2009年
12期
26-30
,共5页
无线局域网%入侵检测%隐马尔可夫模型
無線跼域網%入侵檢測%隱馬爾可伕模型
무선국역망%입침검측%은마이가부모형
wireless local area network%intrusion detection%hidden Markov model
将无线局域网媒体接入控制(MAC)层字段作为检测入侵的分析对象,提出了基于隐马尔可夫模型(HMM)的无线局域网MAC层入侵检测方法.采用了基于控制台、服务器、代理的3层分布式无线局域网入侵检测框架;基于HMM模型对无线局域网的MAC帧头部进行建模;利用正常的无线局域网络数据对HMM进行训练,并记忆正常系统下的数据包行为.由此,检测发现了出现概率小的数据包或数据包序列,并制定了入侵检测阈值.试验结果表明,所提方法对已有的无线局域网MAC层攻击的误报率和漏报率比较低,并能检测未知攻击.
將無線跼域網媒體接入控製(MAC)層字段作為檢測入侵的分析對象,提齣瞭基于隱馬爾可伕模型(HMM)的無線跼域網MAC層入侵檢測方法.採用瞭基于控製檯、服務器、代理的3層分佈式無線跼域網入侵檢測框架;基于HMM模型對無線跼域網的MAC幀頭部進行建模;利用正常的無線跼域網絡數據對HMM進行訓練,併記憶正常繫統下的數據包行為.由此,檢測髮現瞭齣現概率小的數據包或數據包序列,併製定瞭入侵檢測閾值.試驗結果錶明,所提方法對已有的無線跼域網MAC層攻擊的誤報率和漏報率比較低,併能檢測未知攻擊.
장무선국역망매체접입공제(MAC)층자단작위검측입침적분석대상,제출료기우은마이가부모형(HMM)적무선국역망MAC층입침검측방법.채용료기우공제태、복무기、대리적3층분포식무선국역망입침검측광가;기우HMM모형대무선국역망적MAC정두부진행건모;이용정상적무선국역망락수거대HMM진행훈련,병기억정상계통하적수거포행위.유차,검측발현료출현개솔소적수거포혹수거포서렬,병제정료입침검측역치.시험결과표명,소제방법대이유적무선국역망MAC층공격적오보솔화루보솔비교저,병능검측미지공격.
The packet field of wireless local area network(WLAN)medium access control (MAC)layer is taken for the analytical object of detecting intrusion.An intrusion detection method of WLAN MAC layer iS proposed based on the hidden Markov model(HMM).A three layers frame including console,server and agents is given;the data of WLAN MAC layer is used to model the HMM:then the normal data of WLAN iS used to train the HMM and to memorialize the normal action of WLAN.An intrusion will be detected when the occuring probability of a packet data or a sequence of packet data is smaller than a given threshold.Experimental results show that the proposed method has low false positive rate and missing report rate when detecting the known attacks on WLAN MAC layers,and also detects unknown attacks.