| As network security becomes more and more important to all kinds of people, firewall and IDS (Intrusion Detection System) technologies have been more and more widely studied and applied. An IDS can remedy the shortcoming of the firewall: it can detect intrusion behavior from the network and adopt protective measures at the beginning of the intrusion. In a word, intrusion detection is a very important network security technology. As the next generation of the Internet Protocol, IPv6 can not only fully solve the problem that IP addresses will be exhausted very fast, but is also stronger and more efficient than IPv4 in many respects, such as management, control and network security. It is therefore very meaningful to develop an intrusion detection system for the IPv6 environment now. In this paper, the structural characteristics of the IPv6 protocols in the next-generation Internet are studied, and a new network intrusion detection system framework is designed based on protocol analysis technology. According to the differences between the IPv4 and IPv6 protocols, the process of protocol decoding and analysis is researched and put forward, based on an analysis of the IPv6 packet header structure, addressing, extension headers and security mechanisms. Invalid code, malicious code and incomplete data packets can be detected in the packets collected from IPv6 networks during protocol decoding and analysis; the characteristics and rules of network intrusions can then be found and sent to the action output part, which raises and processes the alarms. Finally, based on research on the Snort system, a detailed design scheme for a network intrusion detection system based on protocol analysis in the IPv6 network environment is presented. The modules for packet capturing, protocol decoding, scan detecting and output are programmed.
Compared with the traditional pattern-matching algorithm, the advantages of this system are that it supplies data to the detection engine for IPv4/IPv6 networks and improves detection validity and efficiency. |
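The protocol-analysis step summarized above can be illustrated with a short decoder that walks the IPv6 fixed header and extension header chain and reports incomplete or malformed packets. This is an added example, not code from the paper or from Snort; the function names, the anomaly strings and the sample packets are constructed for illustration, and the header layout follows RFC 8200.

```python
import struct

VARIABLE_EXT = {0, 43, 60}  # Hop-by-Hop, Routing, Destination Options: (len + 1) * 8 bytes
FRAGMENT = 44               # Fragment header is always 8 bytes

def analyze_ipv6(packet: bytes):
    """Return (upper-layer protocol number or None, list of anomalies)."""
    if len(packet) < 40:
        return None, ["incomplete packet: fixed header shorter than 40 bytes"]
    first_word, payload_len, next_hdr, _hops = struct.unpack("!IHBB", packet[:8])
    if first_word >> 28 != 6:
        return None, ["version field is not 6"]
    findings = []
    payload = packet[40:]
    if len(payload) < payload_len:
        findings.append("incomplete packet: payload shorter than Payload Length")
    payload = payload[:payload_len]
    offset = position = 0
    while next_hdr in VARIABLE_EXT or next_hdr == FRAGMENT:
        if next_hdr == 0 and position > 0:
            findings.append("Hop-by-Hop header is not first in the chain")
        if offset + 8 > len(payload):
            findings.append("extension header chain truncated")
            return None, findings
        following, ext_len = payload[offset], payload[offset + 1]
        size = 8 if next_hdr == FRAGMENT else (ext_len + 1) * 8
        if offset + size > len(payload):
            findings.append("extension header runs past end of payload")
            return None, findings
        next_hdr, offset, position = following, offset + size, position + 1
    return next_hdr, findings

def build(next_hdr, payload, declared=None):
    """Constructed sample packet using 2001:db8::/32 documentation addresses."""
    length = len(payload) if declared is None else declared
    addrs = b"".join(bytes.fromhex("20010db8" + "00" * 11 + n) for n in ("01", "02"))
    return struct.pack("!IHBB", 6 << 28, length, next_hdr, 64) + addrs + payload

PAD8 = bytes([1, 4, 0, 0, 0, 0])           # PadN option filling an 8-byte header
HBH_TCP = bytes([6, 0]) + PAD8             # Hop-by-Hop, next header = TCP (6)
TCP = bytes(20)                            # placeholder upper-layer bytes
SAMPLES = {                                # all packets below are constructed
    "well-formed": build(0, HBH_TCP + TCP),
    "incomplete": build(0, HBH_TCP + TCP, declared=40),
    "misordered": build(60, bytes([0, 0]) + PAD8 + HBH_TCP + TCP),
    "overlong": build(43, bytes([6, 10, 0, 0, 0, 0, 0, 0])),
}
for name, pkt in SAMPLES.items():
    print(name, analyze_ipv6(pkt))
```

Only packets that decode cleanly yield an upper-layer protocol number for a detection engine to inspect; the anomaly list is what an output module would turn into alarms.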