
Based On The IPv6 Environment, Network Security Testing Phishing Defense

Posted on: 2007-12-13
Degree: Doctor
Type: Dissertation
Country: China
Candidate: B Zhang
GTID: 1118360218457118
Subject: Computer Science and Technology

Abstract/Summary:
This paper is sponsored by the National Network and Information Security Guarantee Persistence Development Program (No. 2004-research 1-917-C-020), under the project "The Intrusion Detection System based on the IPv6 Protocol", and by the Xi'an Tackling Key Science and Technology Problem Program (No. GG05021), under the project "Study on Anti-Phishing and Disaster Recovery based on IPv6". It is also sponsored by two projects of the National High Technology Development 863 Program of China, under Grant Nos. 2003AA142060 and 2001AA142100: one is the Study on Integrated Network Security Technology; the other is the Study on Hacker Monitoring Technology.

As attacks on the network keep discarding the old and bringing forth the new, new network security techniques appear continually. No matter how the techniques evolve, the focus remains detection and prevention. The Intrusion Detection System (IDS) has played a major role throughout. From the Host Intrusion Detection System (HIDS) to the Network Intrusion Detection System (NIDS) and finally to the Distributed Network Intrusion Detection System (DNIDS), the IDS has come a long way and developed very fast.

The appearance of IPv6 (Internet Protocol version 6) has a positive effect on information security but also brings a new challenge. The exhaustion of IPv4 is now widely discussed, but there are few studies on IDS based on IPv6. Research data on IPv6 is therefore scarce, and the impetus to use IPv6 tools to launch attacks is absent.

As shown above, attack and prevention based on IPv6 is a hot problem. More research on it will prepare us for the popularization of IPv6. This paper therefore concentrates on intrusion detection and prevention, and also studies and discusses Phishing in depth, a new kind of intrusion that has appeared in the finance field.

The main work and the innovation of the study are as follows.

1. Design the intrusion detection model based on IPv6. Analyze the characteristics of IPv6, drawing on network security research on new protocols. The system model built provides the theoretical groundwork for intrusion detection techniques based on IPv6.

2. Provide the new Rapid Capturing Packets method. Mark the header of IPv6 packets so that each of N detectors inspects 1/n of the data packets. The capture rate improves remarkably. Divide the network data at the kernel layer and link layer of the operating system, which solves the problem of lost intrusion information.

3. Put forward the blocking arithmetic for network intrusion. When the local network is under fierce attack, such as from a network worm, actively block the intrusion by sending TCP reset packets and constructing error packets under the IPv6 protocol.

4. Use decision-making in the prevention of attacks (including Phishing). First introduce the Decision Support System (DSS) to intrusion detection. Apply its advantages in "knowledge depiction, knowledge obtaining, knowledge matching and inferential framework" to the IDS to realize prevention decisions in intrusion detection (including Phishing).

5. Introduce Ant Colony Optimization (ACO) to network security. Using the ACO algorithm while forming rules makes the rules more effective. Using ACO theory during clustering makes detection more exact. The detection, confirmation and data mining of signatures are all realized without human intervention. Furthermore, multilayer mixed detection improves the detection rate.

6. Describe an IP trace back mechanism that uses the IPv6 flow label without any additional traffic. Combining the flow label and ICMPv6 in intrusion trace back provides a means for IPv6 trace back once IPv6 prevails. Reverse trace back and single data packet recurrence supporting the IPv6 protocol realize intrusion trace back based on IPv6.

7. Research how intrusion detection changes after the change of protocol (IPv4 to IPv6), and research the characteristics of intrusion detection under high-speed networks and the new protocol. Finally, establish a three-layer defense system supporting the client, server and organization. Adopt distributed techniques and the Java Intelligent Network Infrastructure (JINI) technique to form the defense measures, manage the system and establish the communication mechanism.

8. Model the Phishing attack pattern. Study Phishing and its prevention, describe the typical Phishing attack and establish an attack behaviors model. Then analyze Phishing in detail and put forward countermeasures; this puts the Phishing attack on a theoretical footing and allows new Phishing attacks to be predicted from current ones. Introduce the IP address check, DNS check, network address check and the electronic signature to the defense against Phishing.

The Intrusion Detection System based on IPv6 is built according to the studies above. It has been applied in the "Network Cooperative Security System" and the "Hacker Monitoring System" respectively, and has been approved by the 863 expert groups. The system is applied in the Finance department of Shaanxi Province and the Examinations department of Shaanxi Province with satisfactory effects.

Keywords/Search Tags: intrusion detection, IPv6, Phishing, attack behaviors, signature library, defense system, hacker trace back, Ant Colony Optimization (ACO), blocking arithmetic, dynamic honey, rapid capturing packets, flow label