Distributed intrusion detection method and system for ad hoc network

Abstract

The invention relates to a distributed intrusion detection method and system for an ad hoc network. Nodes in the ad hoc network are clustered and cluster head nodes are selected, block chain systems are configured at all the cluster head node to form a block chain network, and the method includes the following steps: a node where a log is updated sends to the cluster head node thereof a transaction request containing a log information record which is formatted locally at the node; the cluster head node broadcasts the transaction in the block chain network after verifying that the transaction is legal; each cluster head node performs consensus verification of the transaction, after passing the consensus verification, the transaction is packed to be recorded to the block chain to form a shared log data; and each cluster head node executes intrusion detection based on local information and the shared log data. Since consensus verification and recording are performed on the log informationrecord, authenticity and reliability of detection data are ensured, globally reliable shared information records and safety audit data are provided for the centerless weakly-trusted ad hoc network, so as to support global decision making and response, thereby enabling intrusion detection to be more accurate.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a distributed intrusion detection method and system for an ad hoc network. Background technique [0002] In recent years, ad hoc networks have developed rapidly. They have the characteristics of fast networking, easy deployment, and no dependence on fixed infrastructure. They have been widely used in military communications, mobile networks, and emergency services. Ad hoc networks such as wireless sensor networks and Internet of Vehicles. But with the rapid development of ad hoc networks, network security is becoming more and more important. Intrusion Detection System IDS (Intrusion Detection System) is the second line of defense to protect system security after the firewall. It collects and analyzes network logs and audit data to detect whether there are operations in violation of security policies and malicious attacks launched in the ad hoc network. Nodes, and notif...

AI Technical Summary

Problems solved by technology

Among them, the network-based intrusion detection system and the host-based intrusion detection system have relatively complex data types when the network scale is relatively large. and the ability to respond to intrusions

Therefore, distributed intrusion detection systems have been more widely studied and applied. However, most of the existing distributed intrusion detection methods are to set up detection components to collect information on each network node, and send the collected information to the central processing Nodes for analysis and processing, which rely on central processing nodes, limited processing and detection capabilities, and are not suitable for scenarios without central processing nodes

[0004] The invention patent with the application number of 200810041454.8 proposes a wireless self-organizing network intrusion detection method. This method implements intrusion detecti

Images