隨著網路頻寬、無線網路與其他各種通訊科技的技術結合,任何 在無線通訊範圍內的惡意攻擊者都很容易去攻擊網路內部的其他無 線IoT 的裝置。本論文所設計的系統會有sensor 代理人(sensor agent) 與影子主機(shadow host)。Sensor 代理人(sensor agent) 主要是負責蒐 集與傳送sensor 裝置的資料到網路當中,而影子主機(shadow host) 是 當作sensor 代理人(sensor agent) 的虛擬替身。本論文所提出的安全機 制/系統會利用sensor 代理人與影子主機的身分交換方式來避免sensor 代理人受到攻擊。也因為sensor 代理人與影子主機的特徵不容易被攻 擊者給詳細記錄,因此攻擊者很容易會被我們的影子主機給欺騙與困 住。除此之外,因為成本效益,攻擊者不會花費太多的資源來攻擊一 個sensor 代理人。攻擊者在入侵到我們真正的sensor agent 之前,需要 對這些sensor 代理人與影子主機做簡略的掃描與探索,並按照入侵的 順序來探索這些影子主機。這樣的方式彷彿是將攻擊者困在一個” 迷 宮”,使攻擊者在達到他攻擊的目標之前(攻擊sensor 代理人),必須先 經過我們一系列的影子主機。在效能分析當中,我們呈現本篇所提的 方法/系統是有能力可以在便宜的樹梅派3 去做到一般攻擊的行為的偵 測與處理。;With the advent of broadband, wireless networking, and convergence of different communication technologies being adopted by HANs, these insiderattack incidents have further increased because anyone could breakthrough the network and penetrate other insider devices if they are located within the wireless communication range. Our proposed security system/mechanism uses identity exchange of sensor agents and shadow hosts to redirect the attack. Since all the detail and characteristics of every sensor agents and shadow hosts cannot not be easily recognized,the attacker may be easily fooled and trapped into our shadow hosts. Moreover, it is not cost-effective to assign much computing resource to just penetrate one specific sensor agent. This forces the attacker to roughly scan and inspect all these shadow hosts one by one before reaching to our sensor agents, which resembles a MAZE for entrapping the attacker. In our performance analysis, we show that our proposed security system/mechanism can even detect and handle general insider attacks/intrusion with the limited hardware resources of a Raspberry Pi 3.