Please use this identifier to cite or link to this item:
標題: 以Markovian IDS提升無線感測網路的防禦能力
Shielding Wireless Sensor Network Using Markovian IDS
作者: 陳坤宗
Chen, Kuen-Tzung
關鍵字: Wireless Sensor Network
Intrude Detection System
Markov Decision Process
Game Theory
出版社: 資訊科學與工程學系所
引用: 1. 中文部份 (1) 期刊論文 [1] 高崑明,“利用馬可夫鏈模式分析便利商店顧客之消費模式”,國立彰化師範大學,碩士論文,2005。 [2] 陳榮靜、謝佳奮,“運用多階式入侵偵測於無線感測網路”,資訊科 技國際期刊,vol. 2,no. 2,pp. 32-49,2008。 (2) 網路資源 [3] 賽局理論初探,參考日期2009年2月。 [4] Wikipedia, “Markov Chain”, Wikimedia Foundation, Inc.,參考日期2009年3月。 [5] 機率/統計,參考日期2009年2月。 2. 西文部份 (1) Journal and Conference Articles [6] W. Diffie, and M.E. Hellman, “New Direction in Cryptography”, IEEE Transaction on Information Theory, vol. IT-22, no. 6, pp. 644-654, 1976. [7] A. Menezes, P. Oorschot, and S. Vanstone, Handbook of Applied Cryptography, CRC Press, 1997. [8] L. Eschenauer, and V.D. Gligor, “A Key-Management Scheme for Distributed Sensor Networks”, ACM Conference on Computer and Communication Security, pp. 41-47, 2002. [9] L. Buttyan, J.P. Hubaux, and S. Capkun, “A Formal Analysis of Syversons Rational Exchange Protocol”, In Proceedings of the 15th IEEE Computer Security Foundations Workshop, June, 2002. [10] P. Michiardi, and R. Molva, “A Game Theoretical Approach to Evaluate Cooperation Enforcement Mechanisms in Mobile Ad Hoc Networks”, WiOpt 2003: Modeling and Optimization in Mobile, Ad Hoc and Wireless Networks, INRIA Sophia-Antipolis, France, March 3-5, 2003. [11] A. Agah, S.K. Das, and K. Basu, “A Non-cooperative Game Approach for Intrusion Detection in Sensor Networks”, VTC 2004, Fall 2004. [12] A. Agah, S.K. Das, and K. Basu, “Intrusion Detection in Sensor Networks: A Non-cooperative Game Approach”, 3rd IEEE International Symposium on Network Computing and Applications (IEEE NCA04), Cambridge, MA, September 2004. [13] Y. Li, H. Man, and C. Comaniciu, “A Game Theoretic Approach to Efficient Mixed Strategies for Intrusion Detection”, IEEE International Conference on Communications(ICC), 2006. [14] N.N.Vorobev, “Game Theory Lectures for Economists and Systems Scientists”, Springer-Verlag, 1977. [15] H. Karl and A. Willig, Protocols and Architectures for Wireless Sensor Networks, John Wiley & Sons, 2005 [16] W.T. Su, K.M. Chang, and Y.H. Kuo, “eHIP: An Energy-Efficient Hybrid Intrusion Prohibition System for Cluster-Based Wireless Sensor Networks”, Computer Networks, vol. 51, no 4, pp. 1151-1168, 2007. [17] I.F. Akyildiz, W. Su, Y. Sankarasubramaniam and E. Cayirci, “Wireless Sensor Networks: a Survey”, Computer Networks, vol.38, no 4, pp.393-422, 2002. [18] M. Kodialam, and T.V. “Lakshman, Detecting Network Intrusions via Sampling: A Game Theoretic Approach”, IEEE INFOCOM 2003, vol. 3, pp. 1880-1889, March-April 2003. [19] M. Brownfield, “Wireless Sensor Network Denial of Sleep Attack”, IEEE Workshop on Information Assurance and Security United States Military Academy, West Point, NY, 2005. [20] A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J.D. Tygar, “SPIN: Security Protocol for Sensor Networks”, ACM Conference on Mobile Computing and Networking (MobiCom), pp. 189-199, Rome, Italy, July 2001. [21] A.D. Wood, and J.A. Stankovic, “Denial of Service in Sensor Networks”, IEEE Computer, pp. 54-62, 2002. [22] A. Agah, M. Asadi, and S.K. Das, “Prevention of DoS attacks in sensor networks using repeated game theory”, In Proceedings of the International Conference on Wireless Networks, 2006. [23] Wendi Rabiner Heinzelman, Anantha Chandrakasan, and Hari Balakrishnan, “Energy-Efficient Communication Protocol for Wireless Microsensor Networks”, In Proceedings of the 33rd Hawaii International Conference on System Sciences, 2000. [24] I.H. Li, F.N. Wu, and I.E. Liao, “An Energy-efficient Three-layer Clustering Hierarchy for Wireless Sensor Networks”, 2nd Workshop on Wireless, Ad Hoc, and Sensor Networks, National Central University, pp. 27-34, 2006. [25] T. Roosta, S. Shieh, and S. Sastry, “Taxonomy of Security Attacks in Sensor Networks and Countermeasures”, accepted for publication, IEEE International Conference on System Integration and Reliability Improvements, Hanoi, Vietnam, pp. 13-15, Dec. 2006. [26] S. Russell, and P. Norvig, Artificial Intelligence a Modern Approach, 2nd Ed., Prentice Hall, 2003. [27] W. Heinzelman, A. Chandrakasan, and H. Balakrishnan, “Energy-Efficient Routing Protocols for Wireless Microsensor Networks”, In Proceedings 33rd Hawaii International Conference on System Sciences. 2000. [28] F.N. Wu, “A Traffic Load-Aware Energy Efficient Protocol for Wireless Sensor Networks”, National Chung Hsing University (NCHU), 2007. [29] G. Li, J. He, and Y. Fu, “Group-based intrusion detection system in wireless sensor networks”, Computer Communications, pp. 4324-4332, 2008.
摘要: 感測節點本身受限於先天硬體條件的限制,例如:記憶體大小,計算能力及電池續航力等。這些因素都會影響到無線感測網路的整體效能,若是想在無線感測網路(Wireless Sensor Networks, WSN)上考慮安全性的問題,必定會遭遇到極大的困難與挑戰。所以,為了避免感測節點遭受到惡意的攻擊,造成部份甚至於整個無線感測網路無法正常的運作。因此,需要有一個安全系統來保護這些節點,確保網路運作正常。 在論文之中,提出一個新的入侵偵測系統,稱為Markovian IDS。透過Markovian IDS的防禦能力,來提升整個無線感測網路的安全性及穩定性,以維護無線感測網路的正常運作。Markovian IDS運用賽局理論(Game Theory)機制,結合異常偵測(Anomaly Detection)及誤用偵測(Misuse Detection)的方法,可以讓系統決定出其最佳防禦策略,並且結合馬可夫決策程序(Markov Decision Process, MDP)方法去預測出最容易遭受到攻擊的感測節點。在本系統中,Markovian IDS會記錄並分析所有攻擊者的攻擊行為,從這些過去的攻擊記錄裡,可以找出未來可能會遭受到攻擊的感測節點,進而對這些處於危險的節點或區域進行防禦,以提升無線感測網路的安全性及穩定性。
Wireless sensor node is congenitally limited by its insufficient resources of hardware such as memory size and battery duration; these factors not only affect the lifespan of wireless sensor network but also impose great challenges on adding security mechanism on sensor nodes. However, protecting sensor nodes from malicious attacks becomes more and more important as the applications of wireless sensor networks increase rapidly. In this thesis, we propose a new intrusion detection system (IDS) called Markovian IDS for protecting sensor nodes from malicious attacks. Markovian IDS incorporates game theory with anomaly detection and misuse detection for finding the best defense strategy of sensor nodes, and it employs Markov Decision Process (MDP) to predict attack patterns and then take appropriate defense strategies. Experimental results show that the proposed Markovian IDS has better successful defense rate compared to game theory only or MDP only methods.
其他識別: U0005-2807200914570000
Appears in Collections:資訊科學與工程學系所



Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.