The Research And Implementation Of Intrusion Detection System Based On The IPv6 Campus Network

The development of the network technology brings much fun and convenience. More and more people use network to manage many kinds of works. The hackers attack the fertile land because the information of the network involves various fields. They eavesdrop and intercept the information, attack the network and intrude into the hosts using various advanced technologies and means. The illegal actions damage the confidentiality, integrity and availability of the information. Because the sharing of the information brings a platform for the intruders, the firewall can't resist the attack by itself in a passive mode. It needs some initiative measures to protect the security of the network. The Intrusion Detection System (IDS) is an active mean to detect the intrusion before the attacks travels everywhere. It can give alerts to make the network clean and safe.The born of the IPv6 makes the problems of network security more complex. More and more kinds of intrusion bring difficulty of intrusion detection. Solving the compatibility under IPv6 is one of the problems of the future IDS needs to improve. Dalian Maritime University (DMU) is in the transition from IPv4 to IPv6, there are huge users using the campus network. It is necessary to add IDS on the basis of firewall.This paper proceeds from the realities of DMU. Through combining with the open source IDS named Snort, improving the modules Snort has and basing on the character matching, the IDS which suit for DMU has been achieved. This system has six modules:the data packets capture module, the data packets parse module, the pretreatment module, the detection engine module, the output alert module and the initiative block module. All of the modules are researched, designed and achieved in detection order.This paper analyzes the network security problem of the campus network which is in the transition from IPv4 to IPv6, add some rules especially for DMU in the rules library of detection engine module. The system adds the initiative interdiction module to stop the intrusion spreading. So the system can protect the network fast and generally.