تشخيص ناهنجاري در پروتكل مسيريابي AODV

چكيده انگليسي :

90 Anomaly Detection in Ad hoc On Demand Distance Vector AODV Protocol Masih Abedini m abedini@ec iut ac ir Date of Submission May 1 2012 Department of Electrical and Computer Engineering Isfahan University of Technology Isfahan 84156 83111 Iran Degree M Sc Language Farsi Supervisor Mehdi Berenjkoub brnjkb@cc iut ac ir Abstract Mobile Ad Hoc Networks MANETs are highly vulnerable to attacks caused by the wireless medium dynamically changing network topology cooperative routing algorithms lack of infrastructure etc In recent decade lots of researches had been made or still in process to resolve the security defects in MANETs and many security schemes from different aspects of MANETs have been proposed such as secure routing protocol key management trust management intrusion detection system IDS etc Attack prevention mechanism such as authentication and encryption can be used as the first line of defense to reduce the possible attacks Intrusion detection is the second line of defense to detect attacks Therefore rapid and accurate detection of attacks reduces damage to the networks Main research on IDS in MANETs categorized in two major groups the architecture and the detection engine The techniques for detecting the malicious attacks in detection engines are generally classified into three classes namely misuse detection anomaly detection and specification based detection Due to originality of the environment and a lot of unknown attacks in these networks anomaly detection plays the most important role to detect the malicious attacks The requirement for having a labeled traffic data in training dataset from a supervised learning technique may not be satisfied in some conditions particularly in dynamic short term and ad hoc wireless networks access environments The ability to conduct classification without a labeled traffic data is an essential challenge to modern network security and intrusion detection In addition the lack of labeled traffic data and expensive production of such data for modern networks had justified the use of unsupervised statistical methods Common methods for anomaly detection first build a normal profile from normal traffic data on the network then this profile uses for a long time However for MANETs since the network conditions are likely to change the pre defined network state may not correctly represent the state of the current network This problem actually influences the accuracy of the anomaly detection method In this study using two unsupervised statistical methods two dynamic anomaly detection engines are introduced The first one is based on Robust Principle Component Analysis RPCA Using this method the assumptions such as learning data free of outlier or inactive malicious nodes in the first time interval are no longer needed Furthermore the normal profile of the anomaly detection engine will be updated at certain times The second method uses a Hidden Markov Model HMM for anomaly detection engine HMM usually uses for anomaly detection on sequential data Because the ability of this method to model various processes it wildly used to detect anomalies in the diverse networks Both of the proposed methods involve three stages training detection and updating normal profile As a case study in this thesis one of the most popular MANET routing protocols i e the Ad hoc On demand Distance Vector AODV routing is used Also appropriate features for anomaly detection in the network layer are selected and the network simulator 2 ns 2 to conduct the MANET simulations and consider scenarios for detecting three types of attacks are applied Simulation results of the anomaly detection engine that use RPCA confirm the importance of using RPCA In both methods the simulation results show the advantage of updating normal profiles compared to conventional schemes Keywords Anomaly Detection Intrusion Detection System Mobile ad Hoc Networks AODV Robust Principal Component Analysis Hidden Markov Model

عابديني، مسيح

تشخيص ناهنجاري در پروتكل مسيريابي AODV

شبكه هاي اقتضايي سيار , مدل ماركف پنهان , تحليل مولفه هاي اصلي مقاوم