Research On Methods Of Intrusion Detection For Hybrid Wireless Mesh Networks

The hybrid Wireless Mesh Network(WMN)is one of the key networking technologies for the development of wireless networks in the future with a well-structured,feature-rich,and highly compatible network.Hybrid WMN is vulnerable to malicious intrusion due to their open media and other features.Intrusion Detection System(IDS)can effectively detect and handle intrusions,therefore the research of IDS in hybrid WMN is of great significance.The number of existing IDS researches specifically for hybrid WMN is small.Because hybrid WMN include network devices with different characteristics such as Mesh clients and Mesh routers,IDSs for other network structures such as infrastructure WMN cannot be fully applied to hybrid WMN.It is necessary to design an intrusion detection method suitable for hybrid WMN.Most existing IDSs of WMN only consider routine performance metrics such as detection rate,false positive rate,and false negative rate.However,in practical applications,the users' demand for wireless network performance is increasing day by day.Successful detection of intrusions can no longer meet users' requirements.It is a new challenge to improve detection efficiency while improving detection rate.For a hybrid WMN with limited energy and resources,a complex detection method may cause higher overhead.Therefore,designing a low overhead intrusion detection method is also of great significance.This paper proposes an efficient mobile agent based intrusion detection system called AH-IDS(Agent based Honeypot-IDS),aiming at the problem that the existing hybrid WMN does not consider the performance metric of detection efficiency.AH-IDS makes use of the mobile agent's powerful mobile computing capabilities and light-weight features to adapt to the hybrid WMN features.The detection system takes into account the energy efficiency of all nodes during detection.The agent first detects nodes with low energy utilization.During detection,the Mesh client and the Mesh router are distinguished from each other when they become malicious nodes,and corresponding detection object weight are given.Comprehensively consider the energy utilization ratio and the detection object weight to optimize the detection order and improve the detection efficiency.The ns-3 simulation results show that compared with the conventional H-IDS(Honeypot-IDS),AH-IDS can improve the detection efficiency of at least about 10% while maintaining a lower packet loss rate and higher throughput of the network.In order to meet the low overhead of the IDS,this paper proposes a low overhead intrusion detection system based on compressed sensing theory called CS-IDS(Compressed Sensing based-IDS).The system does not continue to use mobile agents,and most of the computations run at the gateways.In this system,a new attack metric called Active State Metric(ASM)for blackhole attacks is first proposed to detect intrusions.This metric can effectively identify blackhole attacks by taking into account the active level of node physical layer status and node energy consumption.Compressed sensing theory is mostly used for undersampling recovery of signals or images.In this system,ASM values are compressive sampled with a certain compression rate by mesh nodes,and take the average ASM value D-Th(Dynamic-Threshold)of all dynamically changing nodes as the threshold,processing the sampled data and transforming it into a sparse signal that can be easily identified of the attacks.By setting the reconstruction parameters,the system can accurately reconstruct the original signal with less computation and eventually be used for intrusion detection.Because the number of samplings of the original ASM is significantly reduced,each mesh node bears a relatively small amount of calculation,so this detection method greatly reduces the detection overhead.The ns-3 simulation results show that ASM can identify blackhole attacks well in the system and CS-IDS has higher DR,lower FNR and FPR.At the same time,due to the use of compressive sampling,when the attack density is less than 50%,CS-IDS can reduce the detection overhead by a maximum of about 40% while guaranteeing 95% DR.The research in this paper provides new performance metrics and research ideas for the design of IDS for hybrid WMN,which provides the basis for the design of efficient and low-overhead detection methods.