Research For Fuzzy Intrusion Detection System In Mobility Ad Hoc Networks Based On Cluster

As a new fashion of communication, Mobile Ad hoc network (MANET) has become a very hot research topic. Compared with the conventional wired network, it not only has wide open and dynamic characteristics, but also has inherent advantages such as minimal infrastructure requirements, ease of setup and mobility. But the disadvantages also occur, such as high security risks due to the wireless medium of communication and the difficulty of monitoring the network to detect malicious behavior etc. Previous studies had shown that the traditional intrusion detection approaches are inadequate for effective intrusion detection in an environment with dropping nodes and rapidly changing network topologies. Therefore it is important to research how to achieve effective intrusion detection in MANET.In this thesis, we make an analysis about security for Ad hoc networks, which includes the aim of security, the vulnerabilities of security and the threats to security in ad hoc networks first. In addition, we briefly describe the basic knowledge about intrusion detection. Then, we emphasize on the discussions about state of the art of intrusion detection system (IDS) for ad hoc networks, the difficulties to design the MANET IDS, and the analysis of various intrusion detection methods presented currently. Meanwhile, we give a solution for IDS in ad hoc networks.The conventional MANET intrusion detection Agent models commonly have structure of double detection modules, which are in charge of the local intrusion engine and cooperative detection engine respectively. On the base of analyzing previous intrusion detection model, we present a cluster-based fuzzy intrusion detection system model for MANET called CFIDS. In CFIDS, a mobile agent framework adopts a single detection module, which can not only do coordinating detection, but also degrade complexity of the conventional architecture. The cooperation mechanism between agents is more reasonable. At the same time, combining with fuzzy theory, we present an algorithm of route behavior analysis based on AODV protocol, which has characteristics of high detection rate, simple calculation and fine real-time performance.Cluster structure is the topological base and precondition for the IDS architecture in MANET, since the performance of clustering algorithm for IDS directly affects the whole capability of IDS. According to the CFIDS system architecture and the characteristic of MANET, We present a clustering algorithm for intrusion detection agent distribution in mobile ad hoc networks (DMCHS). The algorithm divides the network into a set of clusters that interconnect in logic. Then, nodes in the same cluster elect and maintain certain number of cluster-heads to run the intrusion detection agents to implement cooperative detection according to the residual energy, impartiality and dependability of nodes. The number of cluster-heads in a cluster is determined by the size of the cluster. From the qualitative analysis, we can see that it has high security and strong capability to tolerate intrusion.Finally, we introduce the simulation tool of NS2 and describe the simulation framework that can be used to evaluate the performance of DMCHS algorithm. Furthermore, we give the simulation implementation of the algorithm in detail. By simulation, we analyze and evaluate the performance of the clustering algorithm quantificationally. The experiment results show that the Agent distribution is even and reasonable and the ratio of detecting packets is high.