行動隨意網路 ( Mobile Ad Hoc Networks, MANETs )，具有相當的方便性以及高度的機動性。在越來越普遍被使用的同時，安全上的問題也逐漸浮出檯面。為了維護行動隨意網路在使用時的安全品質，我們需要一個入侵偵測系統 ( Intrusion Detection System, IDS )，來偵測出惡意攻擊的行動節點，並有效防禦以做出適當的回應，進而提昇整體無線網路的安全性。在本論文中，我們針對行動隨意網路在安全上的弱點，設計一個入侵偵測機制，以有限狀態機 ( Finite State Machine, FSM ) 結合決策樹 ( Decision Tree, DT ) 來加強行動隨意網路上的安全性。
為了提供一個較為安全的無線行動隨意網路，我們先利用有限狀態機作為偵測的核心，過濾明確的攻擊行為；而對於無法立即判斷的可疑節點或資料封包，則擷取出特徵值，利用決策樹進行分類訓練，使得有限狀態機的偵測效果更加明確，進而深入判斷可疑行為是否為攻擊訊息。
最後，透過決策樹執行一系列的風險係數分析，提供網路使用者最即時的回應，作為網路使用時的安全參考數據，以確保資料的安全以及用戶的權利，進而提升行動隨意網路的整體安全性。本研究經模擬實驗後證實有限狀態機結合決策樹的入侵偵測系統確實能提高偵測惡意攻擊的效率。

Mobile Ad Hoc Networks ( MANETs ) has good convenience and high mobility. The problems in security have appeared when the MANETs get popular. For maintaining the secure that using quality of mobile ad hoc networks, we need an Intrusion Detection System ( IDS ) to detect the malicious attacking nodes and do some proper responses. In this thesis, we focus on the vulnerability of mobile ad hoc networks and design an intrusion detection scheme which combines Finite State Machine ( FSM ) and Decision Tree ( DT ) to enhance security on the mobile ad hoc networks.
In order to provide a more secure MANETs, we use FSM to determine and collect the characteristic value from doubted packets which can not recognize definitely. And then, we use the model that trained by DT to determine whether the packets are attacking information or not for the second check.
Finally, analyzing the risk coefficient with decision tree and providing network user with immediate responses can be the security reference to ensure the security of the data and the authority of users. After the simulation and experiment, intrusion detection system via finite state machine and decision tree can improve the efficiency of malicious attack detecting.

參 考 文 獻

[1] Huei-Wen Femg, Chien-Liang Liu, ”Design of a Joint Defense System for Mobile Ad Hoc Networks,” VTC'06. IEEE 63rd, pp.742-746, 2006.
[2] S. J. Hashim, K. Jumari, and M. Ismail, “Computer network intrusion detection software development,” IEEE TENCON '00, vol. 3, pp. 117-123, 2000.
[3] Y. Bai, H. Kobayashi, “Intrusion detection systems: technology and development,” IEEE AINA '03, pp. 710-715, 2003.
[4] O. Kachirski, R. Guha, “Intrusion detection using mobile agents in wireless ad hoc networks,” IEEE KMN '02, pp. 153-158, 2002.
[5] J. Parker, J. Underco_er, J. Pinkston, A. Joshi, “On intrusion detection and response for mobile ad hoc networks,” IEEE PCCC '04, pp. 747-752, 2004.
[6] C. E. Perkins, Royer, S. Das, “Ad hoc on-demand distance vector (AODV) routing,” Internet Draft, draft-ietf-manet-aodv-13.txt, 2003.
[7] C. E. Perkins, E. M. Royer, “Ad hoc on-demand distance vector routing,” IEEE WMCSA '99, pp. 90-100, 1999.
[8] D. B. Johnson, D. A. Maltz, “The Dynamic Source Routing Protocol for Mobile Ad Hoc Networks,” Mobile Ad-hoc Network (MANET) Working Group, IETF, 1999.
[9] Liang Qin, Thomas Kunz, “Pro-active route maintenance in DSR,” ACM SIGMOBILE Mobile Computing and Communications Review Volume 6 , Issue 3, pp.79-89, 2002.
[10] S. Yi, P. Naldurg, R. Kravets, “Security-aware ad hoc routing for wireless networks,” ACM MobiHoc '01, pp. 299-302, 2001.
[11] M. G. Zapata, N. Asokan, “Securing ad-hoc routing protocols,” ACM WiSE '02, pp. 1-10, 2002.
[12] L. Zhou, Z. J. Hass, “Securing ad hoc networks,” IEEE Network Magazine, vol. 13, no. 6, pp. 24-30, 1999.
[13] G. Vigna, S. Gwalani, K. Srinivasan, E. M. Belding-Royer, R. A. Kemmerer, “An intrusion detection tool for AODV-based ad hoc wireless networks,” IEEE ACSAC '04, pp. 16-27, 2004.
[14] P. Ning, K. Sun, “How to misuse AODV: a case study of insider attacks against mobile ad-hoc routing protocols,” IEEE Information Assurance Workshop '03, pp. 60-67, 2003.
[15] C. Tseng, P. Balasubramanyam, C. Ko, R. Limprasittiporn, J. Rowe, K. Levitt, “A specification-based intrusion detection system for AODV,” ACM SASN '03, pp.125-134, 2003.
[16] C. Y. Tseng, P. Balasubramanyam, C. Ko, “A specification-based intrusion detection system for AODV,” Security of Ad Hoc and Sensor Networks (SASN’03), 2003.
[17] Y. Bai, H. Kobayashi, “Intrusion detection systems: technology and development,” IEEE AINA '03, pp. 710-715, 2003.
[18] S. Axelsson, “Intrusion detection systems: a taxonomy and survey,” Tech. report no. 99-15, Dept. of Comp. Eng., Chalmers Univ. of Technology, 2003.
[19] P. Brutch, C. Ko, “Challenges in Intrusion Detection for Wireless Ad-hoc Networks,” Applications and the Internet Workshop, pp. 368-373, 2003.
[20] Y. Zhang, W. Lee, “Intrusion detection in wireless ad hoc networks,” ACM MobiCom '00, pp. 275-83, 2000.
[21] Y. Zhang, W. Lee, Y. Huang, “Intrusion detection techniques for mobile wireless networks,” ACM WINET '03, vol. 9, no. 5, pp. 545-556, 2003.
[22] H. Deng, Q. A. Zeng, D. P. Agrawal, “SVM-based intrusion detection system for wireless ad hoc networks,” IEEE VTC '03, vol. 3, pp. 2147-2151, 2003.
[23] S. Bhargava, D. P. Agrawal, “Security enhancements in AODV protocol for wireless ad hoc networks,” IEEE VTC '01, vol. 4, pp. 2143-2147, 2001.
[24] Scott Robert Ladd著,葉涼川譯 “Java演算法,” 美商麥格羅.希爾, 台灣分公司, 2000年.
[25] J.R. Quinlan, “Induction of Decision Trees,” Machine Learning, vol.1, no.1, pp.81-106, 1996.
[26] J.R. Quinlan, “C4.5: Programs for Machine Learning,” San Mateo,37 Calif.: Morgan Kaufmann, 1993.
[27] Stuart Russell, Peter Norving, “Artifical Intelligence a Modern Approach,” Prentice-Hall International Editions, 2003.
[28] IEEE, “Wireless LAN medium access control (MAC) and Physical layer (PHY) speci_cations, ” IEEE Standard 802.11, 1999.
[29] Sinclair. C, Pierce. L, Matzner. S, “An application of machine learning to network intrusion detection,” (ACSAC '99), pp.371-377, 1999.
[30] Risk management, http://www.dragonsoft.com.tw/doc/2004_risk.php.
[31] The network simulator ns-2, http://www.isi.edu/nsnam/ns/.