The Wireless Intrusion Detection System Based on Data Link Layer

Abstract

Wireless networks are prone to attack because of the inherent characteristics of wireless transmission and the security vulnerabilities of the IEEE 802.11 standard, and traditional intrusion detection systems are of limited use when applied to wireless networks. To address the particular nature of wireless attacks, a distributed wireless intrusion detection system is proposed and implemented. The system runs on Linux. It captures the raw packets of wireless transmissions and analyzes them according to the characteristics of the IEEE 802.11 MAC layer, so that wardriving intrusion, rogue APs, DoS attacks and MAC address spoofing can be detected. Test results show that the system can effectively detect and monitor intrusions into wireless networks. Combined with other security strategies, the system can provide a basic safeguard for wireless LAN security.

Xiamen Municipal Science and Technology Bureau project (3502Z20021021
