
Research On The Anomaly Analysis And Detection Of IPv6 Network Traffic

Posted on: 2012-11-30
Degree: Master
Type: Thesis
Country: China
Candidate: Z Y Zhang
GTID: 2248330362961927
Subject: Communication and Information System

Abstract/Summary:
IPv6 is now considered one of the core standards of the next-generation Internet Protocol. Because the IPv4 and IPv6 protocols differ, network behavior and attacks in an IPv6 environment are quite different as well. Given the continuing expansion of network scale and the exponential growth of network applications, deploying and implementing anomalous traffic analysis for IPv6 environments is an urgent research topic.

This paper first analyzes the IPv6 protocol and then summarizes the new characteristics and hidden risks of IPv6. It then comprehensively studies anomaly analysis and detection, analyzing several main anomaly detection technologies and summing up their advantages and shortcomings.

Building on previous research, it studies the relationships among anomalous traffic and analyzes attacks from the perspective of overall network behavior, which breaks the limitation of single pattern matching technology. The paper's innovation is an anomaly detection technology based on stateful protocol analysis. It places emphasis on analyzing the procedure of anomalous traffic. This procedure can be described accurately using finite state machine theory, which yields a forecast model of anomalous traffic. Anomaly detection is then implemented using pattern matching and stateful protocol analysis.

Given the characteristics of IPv6, anomaly detection based on stateful protocol analysis still has disadvantages. The paper therefore also puts forward Deep Flow Inspection (DFI) technology, which is based on flow characteristics, and proposes an anomaly detection scheme that combines stateful protocol analysis with deep flow inspection.

On the basis of a network processor and the Linux network operating system, this work implements the design of an anomaly detection system for IPv6 networks with the aid of the powerful pattern matching engine of the MPC8572E. It also illustrates the specific steps to implement the scheme. The experimental results show that the system can detect anomalous traffic through stateful rule matching against the stateful rule base, which is established from the anomaly forecast model. The DFI module can detect flows that could not be detected before, so it improves the detection effect. The method is shown to be quite practical by experiments in the campus IPv6 network.

In future research, IPv6 datagram reassembly and efficient data forwarding should be enhanced in order to improve detection accuracy. In addition, the stateful rule base should be summarized and established to make the system practical.
Keywords/Search Tags: IPv6 Protocol, Pattern Matching, Stateful Rule, Anomaly Detection