搜索
,。,(distributedpre-decisionengine,DPDE),。DPDE,,,。,,。;;;*1,2,2,1(1.310015;2.310027)*(No.Y1080821),。(CNNIC)20101《25》:200912,3.84,。,、,,[1]。,。WLAN,IEEE802.11WEP/WPA,WLAN,(intrusionpreventionsystem,IPS)。11.1,、WLAN,AP,。,[2]。(1),,NetworkStumblerKismet,AP,SSID、、、,WLAN,(wardriving)。(2)WarDrivingWLAN,WEPWPA,,BackTrackAircrack-ng64bit128bitWEP,ARP,、80201010WEP,CainUbuntuWPA[3]。(3)APWLAN,(denialofservice,DoS),AuthenticationFailureDeauthenticationFlood,WLAN。(4):AP。·———APMAC,MAC(MACspoofing),,。·AP———(eviltwinattack)(maninthemiddleattack,MITMattack)AP,AP,(、)。,。1.2,,,,[4]。,[5]。IEEE802.11,TCP/IP,IEEE802.11。,,[6]。(wirelessintrusionpreventionsystem,WIPS)3:·;·;·。,SnortSnort-Wireless,Wi-Fi,;AirMagnetWLAN;AirTightSpectraGuard;Cisco,CiscoAironet。,。。,,,(planrecognition)。,。APWEP,APWPA,。,WIPS,。“”,,(distributedpre-decisionengine,DPDE),802.11,,,,,,。22.1DPDE、,4:、、。(1),81802.11a/b/g,WLANAPSSID、。(2),,。(3)DPDE,,。(4)DPDE,、。2.2、WIPS,1。DPDEWIPS:,IEEE802.1114,WLAN,APAP。,Snort-Wireless,。,,。,DPDE,、。33.1、,[7]。,,,。,,WIPSDeauthenticationFlood,DoS,:·MAC,AP;·EvilTwin,AP,。DeauthenticationFlood,,,。,DeauthenticationFloodDoS,AP。,DPDEDeauthentication。MACSpoofing,AP,,1,MACSpoofing。DeauthenticationFloodEvilTwin,AP,DPDEFlood,“”AP,AP,EvilTwin。,DeauthenticationFlood,,DoS、MACSpoofingEvilTwin,。1DPDEWIPS822010103.2,,,DPDE。,DPDE,,。DPDE,Hash[8],APSSID、MAC、、、。,MAC00-19-E0-E3-88-4C、6、38%、WEPTP-LinkAP,Hash2。DPDE。DPDESnort-Wireless,,。Snort-Wireless:actionwifimacdirectionmac(ruleoptions)Snort-Wireless“wifi”,(ruleoptions)frame_control、type、stypessid,AP,DPDE1[9]。1,APchannel、signal、encryptioninjection。DeauthenticationFloodEvilTwin,DPDE:alertwifiany-any(msg:“EvilTwinAttack”;stype:STYPE_DEAUTH;Channel:!NORMAL)“Channel:!NORMAL”AP。3.3Kautz[7],:。IS-A,DeauthDoS。,EvilTwin3:Deauth、AP。3,DoS、MACSpoofing、EvilTwin、WEPWPA。DoSEvilTwin:坌xDoS-Attack(x)Deauth-Attack(x)坌xEvil_Twin-Attack(x)Deauth-Attack(s1(x))∧Rogue-AP(s2(x))∧Association(s3(x)),s1、s2s3,[10]。DPDEDeauth-Flood,3:2APHash1DPDEchannelchannel:[!]numbersignalsignalstrength:[!]numbersource_addresssource_address:[!]numberdest_addressdest_address:[!]numberencryptionencryption:[!]TRUE|FALSEinjectioninjection:[!]TRUE|FALSEprotectedprotected:[!]TRUE|FALSEprivacyprivacy:[!]TRUE|FALSEwpawpa:[!]TRUE|FALSE|ON|OFFdatadata:[!]number83(DoS-Attack)∨(MAC-Spoofing)∨(Evil-Twin):(Deauth-Attack,Rogue-AP)DPDEEvilTwin,Association。,DPDE,。:(Deauth-Attack,Association)DoS,EvinTwin。GeibGoldman[11],,。,3[10],。4,DPDE,。,。di1di212,sd1sd212[12]。,,,,,,。,DPDE。,DPDEWEP,APWEP,WPA,,。3.4DPDE,,5,DPDE。,W,,APpn,Wpn,,,,DPDE。4Java,Snort-Wireless,,,DPDEWIPS。Socket,、、、、34842010105DPDE。,BackTrack,WarDriving(NetworkStumbler)、DoSAttack、RogueAP、MACSpoofing、MisconfiguredAP、EvilTwin、ARPWEPWEP8,,DPDESnort-Wireless,。:APLinksysWRH54G,APNETGEARDG834GT,CompaqPresarioB1900,Broadcom802.11b/g,WEPARPRequest,BackTrack4Pre。:·DPDE,;·DPDE,。。(1),DPDE8,Snort-WirelessWarDriving、DoS、RogueAPMACSpoofing4,2。(2)Snort-Wireless,8,,,Snort-Wireless56,DPDE32,AP,42.9%。,DPDE,WIPS。5,WIPS,。WLAN,“”,,(DPDE)。DPDE,,Snort-Wireless,,。,DPDE,。,DPDE,,,WIPS。1(CNNIC).252DPDESnort-WirelessDPDE88Snort-Wireless4WarDriving、DoS、RogueAP、MACSpoofing85,,:,20084,,..,2007,28(24):5844~58465,..,2005,31(3):143~1456Wen-ChuanHsieh,Chi-ChunLo,Jing-ChiLee.Theimplementationofaproactivewirelessintrusiondetectionsystem.In:TheFourthInternationalConferenceonComputerandInformationTechnology,Wuhan,China,20047HenryKautz.Aformaltheoryofplanrecognition.Rochester:UniversityofRochester,19878,,..(),2006,10(40):1701~17049GuanlinChen,HuiYao,ZebingWang.AnintelligentWLANintrusionpreventionsystembasedonsignaturedetectionandplanrecognition.In:ProceedingsoftheSecondInternationalConferenceonFutureNetworks(ICFN2010),Sanya,201010,..,2002,4(13):686~69211GoldmanRP,GeibCW.Planrecognitioninintrusiondetectionsystems.In:ProceedingsofDARPAInformationSurvivabilityConferenceandExposition(DISCEX),Anaheim,200112,,..,2005,41(16):146~149ResearchofDistributedPre-DecisionEngineinWirelessIntrusionPreventionSystemsChenGuanlin1,2,FengYan2,WangZebing1(1.SchoolofComputerandComputingScience,ZhejiangUniversityCityCollege,Hangzhou310015,China;2.CollegeofComputerScience,ZhejiangUniversity,Hangzhou310027,China)AbstractNowadayswirelessintrusionpreventionsystemshavebecometheresearchhotspotwiththefastdevelopmentofWLAN.Inthispaper,wefirstintroducethecommonattackmethodsforWLAN,andthenpresenttheframeworkofthewirelessIPSwithadistributedpre-decisionengine,whichcanpredictthefutureactionsanddirectactiveresponsestotheseactions.Weimplementanimprovedmodelwithextendeddetectionrulesforconductingintrusionplanandmakingpre-decision,bygatheringwirelessdeviceinformationandimportingsupportingdegreeofintrusionplaninplanrecognition.Experimentalresultsshowedthatthedistributedpre-decisionenginecannotonlyimprovewirelessintrusiondetectionandpreventionperformance,alsoreducefalsenegativesandfalsepositivesevidently.Keywordsintrusionpreventi