
Study On Critical Techniques Of Anomaly Detection System Based On IPv6

Posted on: 2007-07-02
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y Li
Full Text: PDF
GTID: 1118360242461881
Subject: Computer system architecture
Abstract/Summary:
The current-generation Internet protocol, IPv4, is replaced by the next-generation Internet protocol, IPv6, because of the latter's huge address space and favourable security architecture. However, with the development of the next-generation Internet Protocol and the spread of new types of application, security problems in networks based on the IPv6 protocol will emerge. Traditional anomaly detection algorithms cannot detect these new types of attack effectively and do not support the new protocol either. An anomaly detection system must therefore be devised that supports the IPv6 protocol and performs anomaly checking rapidly even in a high-traffic network environment. Studying anomaly detection algorithms for the next-generation Internet (NGI) is thus both theoretically significant and practically important, and it has become a pressing international research topic.

To ensure the security of NGI, we must be able to distinguish and respond to its abnormal behaviour. The purpose of research on NGI anomaly detection architecture is to develop a new technology that lets our anomaly detection system accommodate a high-bandwidth, high-traffic network environment, support the new Internet protocol and have the ability to learn by itself. On that basis, the Internet anomaly detection technology, the structural model of the network architecture and the network security control platform of NGI can be built.

This paper focuses on the security problems of IPv6, on a high-speed packet capture model and on an effective anomaly detection algorithm applicable in an IPv6 environment, with the help of computer immunity technology. In order to design and implement an anomaly detection architecture for the next-generation Internet, we must know exactly which security issues exist in the new Internet carrier protocol.
This paper analyses the security of IPv6 across the design, implementation and deployment phases of the protocol. The analysis found that some popular operating systems such as Windows and Linux have problems in their implementation of the IPv6 protocol, especially in the implementation of the Neighbor Discovery protocol. Based on this result, we design and realise some brand-new types of attack in an IPv6 environment that exploit these hidden weaknesses of IPv6. Moreover, after testing our anomaly detection algorithm, we also put forward some security proposals for the design of the protocol.

Lossless packet capture is the basis of anomaly detection. The bandwidth of the NGI backbone has grown greatly, and the data stream it carries has increased sharply, which poses difficult challenges for complete packet capture. This paper studies a high-speed packet capture model that provides a sound basis for anomaly detection. After analysing the disadvantages of existing capture models, we research and implement a new Packet Capture Mechanism based on Semi-Polling Driven Zero Copy (PCMSZ), introduce a Memory Map (MM) mechanism and resolve the bottleneck of high-speed packet capture.

The goal of the anomaly detection algorithm design is to enhance the efficiency and accuracy of detection. The problems that computer security systems face are very similar to those of biological immunity, so anomaly detection using artificial immune theory can obtain more accurate and reliable results and improve the performance of the detection system. By introducing real-valued coding and a deterministic crowding niching algorithm, and by improving the genetic algorithm, we present an evolutionary algorithm that generates hypercube detectors, the Deviation Levels based Detection Algorithm (DLDA), and an evolutionary algorithm that generates fuzzy-rule detectors, the Fuzzy Rules based Anomaly Detection Algorithm (FRADA).
Finally, we evaluated the prototype system against an open-source anomaly detection system, Snort, on the DARPA 1999 and DARPA 2000 data sets and on real network traffic. The results show that the algorithms presented in this paper improve on Snort. Traditional anomaly detection algorithms cannot always support a new protocol, so new algorithms must be designed to suit it. Aiming at the long addresses and high data traffic characteristic of IPv6, we improve the algorithms based on artificial immune theory, present an IPv6-based immune anomaly detection algorithm, simplify the coding method using randomised real-valued coding and accelerate the matching rate using a fragment matching method. Experiments show that both the results and the efficiency of the algorithm are acceptable. This paper integrates all of the achievements above in a security mitigation system focused on NGI and analyses and evaluates its security.
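The hypercube-detector idea described in the abstract (detectors that cover the "non-self" region of a real-valued feature space, so that any observation falling inside a detector is reported as anomalous) can be illustrated with a plain real-valued negative selection algorithm. The block below is an added example written for this page; it is not the dissertation's DLDA code and does not reproduce its genetic or deterministic-crowding evolution, which it replaces with random candidate generation plus a self-margin. The feature vectors, the cluster centre of the "normal" profile and the out-of-profile observations are all constructed.

```python
"""Real-valued negative selection with hypercube (interval) detectors.

Added illustration for the abstract above; not the dissertation's own code.
The evolutionary detector generation is replaced by random generation plus
a self-margin, and every feature vector used here is constructed.
"""
import random
from typing import List, Sequence, Tuple

Vector = Sequence[float]
Hypercube = Tuple[Tuple[float, float], ...]   # per dimension: (low, high)


def contains(cube: Hypercube, x: Vector, margin: float = 0.0) -> bool:
    """True if the box [x - margin, x + margin] intersects the cube
    (with margin 0 this is plain point-in-hypercube containment)."""
    return all(lo <= xi + margin and xi - margin <= hi
               for (lo, hi), xi in zip(cube, x))


def random_hypercube(dim: int, max_side: float, rng: random.Random) -> Hypercube:
    """Random axis-aligned box inside the unit hypercube [0, 1]^dim."""
    sides = []
    for _ in range(dim):
        side = rng.uniform(0.05, max_side)
        low = rng.uniform(0.0, 1.0 - side)
        sides.append((low, low + side))
    return tuple(sides)


def generate_detectors(self_set: List[Vector], n_detectors: int,
                       max_side: float = 0.5, self_margin: float = 0.05,
                       seed: int = 0, max_tries: int = 50000) -> List[Hypercube]:
    """Negative selection: keep only candidates that match no self sample.

    self_margin expands each self sample into a small box, so normal traffic
    slightly outside the observed profile is not covered by a detector (the
    usual false-positive trade-off of this technique)."""
    rng = random.Random(seed)
    dim = len(self_set[0])
    detectors: List[Hypercube] = []
    tries = 0
    while len(detectors) < n_detectors and tries < max_tries:
        tries += 1
        candidate = random_hypercube(dim, max_side, rng)
        if any(contains(candidate, s, self_margin) for s in self_set):
            continue                      # matches self: discard the candidate
        detectors.append(candidate)
    return detectors


def deviation_level(detectors: List[Hypercube], x: Vector) -> int:
    """Number of detectors that contain x; 0 means the sample looks like self."""
    return sum(1 for d in detectors if contains(d, x))


def is_anomalous(detectors: List[Hypercube], x: Vector) -> bool:
    return deviation_level(detectors, x) > 0


def make_self_set(n: int = 60, seed: int = 1) -> List[Tuple[float, float]]:
    """Constructed 'normal' profile: two normalised per-interval features
    (think packets/s and share of Neighbor Discovery messages), clustered
    around (0.2, 0.2) with +/-0.08 jitter."""
    rng = random.Random(seed)
    return [(0.2 + rng.uniform(-0.08, 0.08), 0.2 + rng.uniform(-0.08, 0.08))
            for _ in range(n)]


def demo() -> dict:
    """Train on the constructed profile, then score the self samples and two
    constructed out-of-profile observations."""
    self_set = make_self_set()
    detectors = generate_detectors(self_set, n_detectors=1000, seed=7)
    anomalies = [(0.9, 0.85), (0.6, 0.95)]
    return {
        "n_detectors": len(detectors),
        "self_flagged": sum(is_anomalous(detectors, s) for s in self_set),
        "anomalies_flagged": sum(is_anomalous(detectors, a) for a in anomalies),
        "levels": [deviation_level(detectors, a) for a in anomalies],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

By construction no training sample can ever be flagged, since a candidate containing a self sample is discarded before it becomes a detector; the real tuning questions for a deployment are the self-margin (too small and unseen normal traffic is reported, too large and attacks near the normal profile are missed) and the number of detectors needed to cover the non-self region, which grows quickly with the feature dimension.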
Keywords/Search Tags: Network security, Next generation Internet, Artificial immune, Negative selection, Fuzzy rule