以決策樹與有限狀態機建構在行動隨意網路中的入侵偵測系統

Abstract

行動隨意網路 ( Mobile Ad Hoc Networks, MANETs )，具有相當的方便性以及高度的機動性。在越來越普遍被使用的同時，安全上的問題也逐漸浮出檯面。為了維護行動隨意網路在使用時的安全品質，我們需要一個入侵偵測系統 ( Intrusion Detection System, IDS )，來偵測出惡意攻擊的行動節點，並有效防禦以做出適當的回應，進而提昇整體無線網路的安全性。在本論文中，我們針對行動隨意網路在安全上的弱點，設計一個入侵偵測機制，以有限狀態機 ( Finite State Machine, FSM ) 結合決策樹 ( Decision Tree, DT ) 來加強行動隨意網路上的安全性。 為了提供一個較為安全的無線行動隨意網路，我們先利用有限狀態機作為偵測的核心，過濾明確的攻擊行為；而對於無法立即判斷的可疑節點或資料封包，則擷取出特徵值，利用決策樹進行分類訓練，使得有限狀態機的偵測效果更加明確，進而深入判斷可疑行為是否為攻擊訊息。 最後，透過決策樹執行一系列的風險係數分析，提供網路使用者最即時的回應，作為網路使用時的安全參考數據，以確保資料的安全以及用戶的權利，進而提升行動隨意網路的整體安全性。本研究經模擬實驗後證實有限狀態機結合決策樹的入侵偵測系統確實能提高偵測惡意攻擊的效率。

Mobile Ad Hoc Networks ( MANETs ) has good convenience and high mobility. The problems in security have appeared when the MANETs get popular. For maintaining the secure that using quality of mobile ad hoc networks, we need an Intrusion Detection System ( IDS ) to detect the malicious attacking nodes and do some proper responses. In this thesis, we focus on the vulnerability of mobile ad hoc networks and design an intrusion detection scheme which combines Finite State Machine ( FSM ) and Decision Tree ( DT ) to enhance security on the mobile ad hoc networks. In order to provide a more secure MANETs, we use FSM to determine and collect the characteristic value from doubted packets which can not recognize definitely. And then, we use the model that trained by DT to determine whether the packets are attacking information or not for the second check. Finally, analyzing the risk coefficient with decision tree and providing network user with immediate responses can be the security reference to ensure the security of the data and the authority of users. After the simulation and experiment, intrusion detection system via finite state machine and decision tree can improve the efficiency of malicious attack detecting.