The existing methods on anomaly detection in wireless Mesh network mostly focus on single malicious attack, which can not detect various malicious attacks originated form different protocol layers. We presented a cross-layer based anomaly detection mechanism. Firstly a distributed IDS structure for Mesh backbone network topology was proposed, secondly cross-layer based features were collected for comprehensively monitoring network activities. Furthermore,with the multidimensional observation sequences, the hidden semi-Markov model(HsMM) was trained and exploited to characterize and model the normal states of network activities. The entropies of observation sequences against the HsMM were calculated to evaluate their abnormality. An anomaly alert will be reported if the entropy is lower than a threshold. Experiment results show that the proposed detection mechanism is able to detect various malicious attacks from different protocol layers.%目前无线Mesh网络异常检测的方法大多针对单一恶意攻击,还不具备检测来自不同协议层的恶意攻击的综合能力.提出一种基于多协议层跨层结合的异常检测方法,即采集多协议层结合的特征对网络运行状态进行全方位监测,并训练隐半马尔可夫模型对网络正常运行状态进行描述,通过计算多维观测序列相对于隐半马尔可夫模型的熵来评价其“正常性”,从而发现源自不同协议层的恶意攻击行为.实验仿真证明,该方法能有效检测源自各协议层的多种恶意攻击,具有一定的通用性.
展开▼
