The Research On Intrusion Detection Technology In IPv6

For TCP/IP and its application layer protocols were created at a time when network security wasn't a very strong concern, this make the TCP/IP network lack even the most basic mechanisms for security. With the development of Internet in recent years, computer network has become very important in people's daily life. Along with the development, the network attacks become more and more frequent, so network security attracts increasing focus from government and experts. The technology of network security is at full developed. The Intrusion Detection System (IDS) inspects the contents of network traffic to detect possible attacks. It is a powerful tool to protect the network from attacking. Research on IDS has become a new hotspot in computer science.IPv6 protocol has been designed in full consideration of the flaws of IPv4. IPSEC is used compulsorily in IPv6 to improve network security. IPSEC, however, cannot protect the network from all kinds of attacks. It is still meaningful to continue to research on Intrusion Detection System. But the Intrusion Detection System based on IPv4 must be adjusted to meet the new demands in IPv6.This paper focuses on the technology of Intrusion Detection System based on IPv6. It firstly puts forward the question that current IDS was useless to analyse encrypted IP packet, then gives a solution to it. That is to say, a model tiltled "Encrypted Conversation-oriented Intrusion Detection System"(ECOIDS) has been built to solve the problem. The author's contributions are as follows:(1) Introduced relevant technology, such as IPv6, IDS, LDAP, protocol analysis etc. Categorized the network attacks and analyzed the difficulties that Intrusion Detection System may encounter in IPv6.(2) Designed a model which needs Directory Server, Key Exchange software, Intrusion Detection System to cooperate, proved security, rationality and reliability of the model.(3) Described the details of each module, such as: the design of the entry of directory server, the implementation and improvement of the key exchange protocol---JFK, the implementation of LDAP preprocessor and ESP analyzer.