Cluster-based Mobile Ad Hoc Network Intrusion Detection System Research And Design

With the rapid development of wireless communication technology as well as the improved performance of mobile terminal, Mobile Ad Hoc Networks (MANETs) have been widely used in military and civil, and the requirements for security and reliability of MANETs increase steadily. Therefore, the network security in MANETs has become an interesting research topic.The nature of MANETs such as the open medium, dynamically changing network topology and so on, especially the nodes with inadequate physical protection are receptive to being captured, then attacks come from within the network by a compromised node, but the traditional key management and authentication, etc. security solutions can't confront these attacks, so as the second line of defense, intrusion detection is the necessary means of getting the high survivability.The IDS system architecture in MANETs is the. key problem for IDS's efficiency in MANETs. By a analysis on topologic structure in MANETs, we decided to use clustering structure in IDS in MANETs. At the same time, we proposes a improved NTDR, on-demand weight NTDR(DWNTDR), based on the question and lack of the existing clustering algorithms. The algorithm has synthetically considered the degree and velocity, etc. factor of MANETs, which is proved by simulation to have better adaptability for MANETs with its dynamic topologic structure, and being suitable for IDS in MANETs.Export information of IDS is very important for IDS, So due to the unique characteristics of MANETs and requests of IDS in MANETs and refering to the IDMEF data model, we put forward and designed AdhocIDMEF data model to fit the MANETs and IDS in MANETs.It gives a thorough analysis on the of security requirements of MANETs and summarize research in the field and research above, then a cluster-based multilayer distributed intrusion detection system in MANETs has been introduced (CMDIDS-MANETs). This system can enhance the security, resource utilization ratio, collaborative detection capability of intrusion detection and detection rate, and can also reduce the communication load and alarm ratio.