National Digital Library of Theses and Dissertations in Taiwan

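Graduate student: 葉宥呈
Graduate student (foreign-language name): Yow-Cheng Yeh
Thesis title: A Study of Applying Fuzzy Inference to a Non-parametric Intrusion Detection System for Wireless Networks
Thesis title (foreign language): Application of ANFIS to Intrusion Detection System of WLAN
Advisor: 馬杰
Advisor (foreign-language name): Jeich Mar
Degree: Master's
Institution: Yuan Ze University
Department: Department of Communications Engineering
Discipline: Engineering
Field: Electrical Engineering and Computer Science
Thesis type: Academic thesis
Year of publication: 2009
Academic year of graduation: 97
Language: Chinese
Number of pages: 68
Chinese keywords: wireless LAN; adaptive neuro-fuzzy inference
Foreign-language keywords: ANFIS; IEEE 802.11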
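Because frame security and authentication in IEEE 802.11b/g wireless LANs are incomplete, an attacker can mount attacks by forging the frame contents of wireless packets. A non-parametric sequential change point detection (NPSCPD) algorithm based on the cumulative sum (CUSUM), applied to the count of de-authentication packets, can detect whether the network is under attack, but its average detection delay (ADD) is too long. When a wireless LAN is attacked, the sequence number in the frames of wireless packets changes abnormally. This thesis builds a data acquisition and analysis system (DAAS) that captures wireless packets and analyzes frame contents at the medium access control (MAC) layer, and proposes a wireless LAN intrusion detection method based on the adaptive neuro-fuzzy inference system (ANFIS) that combines the change in packet sequence numbers with the non-parametric sequential algorithm to reduce the average intrusion detection delay.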
Intruders may attack the medium access control (MAC) layer of a WiFi network using forged de-authentication frames that cause clients to disconnect from an access point (AP). The non-parametric sequential change point detection (NPSCPD) methodology detects de-authentication denial-of-service (DoS) attacks and keeps the average false alert rate (FAR) below a prescribed low level, but its average detection delay (ADD) is too long to provide compensation efficiently before the network is disabled. When wireless local-area networks (WLANs) are attacked, the sequence number value in the packets varies abnormally. In this thesis, a packet collection and frame content analysis system for the MAC layer of 802.11b/g WLANs is constructed on an x86 embedded system. Based on adaptive neuro-fuzzy inference system (ANFIS) rules, the change in the packet sequence number, the de-authentication frames and the NPSCPD algorithm are used to reduce the ADD of the network intrusion detection system. Finally, simulated observation data are used to test the FAR and ADD performance of the proposed intrusion detection system.
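Chinese abstract
English abstract
Acknowledgements
List of figures
List of tables
List of symbols
Chapter 1 Introduction
1.1 Research motivation and objectives
1.2 Research method
1.3 Chapter summaries
Chapter 2 Wireless LAN system architecture
2.1 Relationship between IEEE 802.11 and the OSI model
2.2 IEEE 802.11 medium access control frame format
2.3 Weaknesses of the IEEE 802.11b/g access control layer
2.4 Analysis of wireless attacks
Chapter 3 Non-parametric sequential change point detection (NPSCPD) algorithm
3.1 Introduction to the NPSCPD intrusion detection system parameters
3.2 Training of the NPSCPD intrusion detection system parameters
Chapter 4 Applying the adaptive neuro-fuzzy inference system to wireless intrusion attack detection
4.1 Overview of the adaptive neuro-fuzzy inference system
4.2 Architecture of the adaptive neuro-fuzzy inference system
4.3 Parameter learning in the adaptive neuro-fuzzy inference system
4.4 Training process and results of the adaptive neuro-fuzzy inference system
Chapter 5 Wireless intrusion detection platform experiment
5.1 Wireless intrusion detection platform experiment
5.2 Wireless LAN packet capture and frame analysis system
Chapter 6 Analysis of experimental results
6.1 Training of the NPSCPD detection system
6.2 Detection performance of the ANFIS intrusion detection system
Chapter 7 Conclusion
References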