As networks grow in scale and their structure becomes more complex, IPv4 networks show a range of shortcomings, such as limited address space and poor security. The IETF (Internet Engineering Task Force) therefore put forward a new-generation Internet protocol, IPv6. Compared with IPv4, IPv6 clearly improves network security, but it cannot address application-layer security or the security of the protocol itself. With the widespread commercial application of IPv6, considering the security of IPv6 is extremely urgent. In light of the security problems that exist in IPv6 networks, this thesis modifies the open-source IDS Snort so that it works in an IPv6 environment. Specifically, the main tasks are as follows:

(1) Introduce the background knowledge of IPv6 and intrusion detection technology. First, the new features and packet format of IPv6 are analyzed in detail, and the differences between IPv6 and IPv4 are compared. Building on IPv6's new features, the security weaknesses of IPv6 are expounded in detail from three aspects (the non-IP layers, the transition period, and the protocol itself), and the similarities and differences in attack styles between IPv6 and IPv4 are given. The concept, classification and general model of IDS are then presented.

(2) According to the changes in IPv6's packet format and attack styles, and on the basis of open-source Snort, alter the framework of the intrusion detection system to meet the demands of IPv6, and analyze and design its key modules.

(3) Design and implement the IPv6 capture module, the IPv6 packet parser module, the IPv6 packet defragmentation module and the IPv6 rule processing module. First, the WinPcap development kit is used to capture IPv6 packets. For IPv6 packets, structures for IPv6, ICMPv6 and the extension headers are defined, the fields of the global packet variable are expanded, and the IPv6 decoder, ICMPv6 decoder and extension header decoder functions are given. A tracker and a doubly linked list are used to implement the IPv6 packet defragmentation plug-in. The detection rules of the system are then studied: the three-dimensional rule linked list is modified, and a scheme for altering the rule database in an IPv6 network is proposed. For IPv6 vulnerabilities, IPv6 rules are written according to the IPv6 rule grammar specification.

Finally, a preliminary test of the system is carried out. It shows that the system can satisfy the basic demands of an IDS in an IPv6 environment. By analyzing IPv6 protocols and IPv6 rules, the validity and detection efficiency of the system are improved, guaranteeing the security of the IPv6 network.
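The decoding step described above (fixed IPv6 header, extension header chain, Fragment header) can be sketched as follows. This is an added example, not code from the thesis or from Snort; `ip6_walk_headers`, `struct ip6_walk` and `sample_pkt` are hypothetical names, and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
enum { NH_HOPOPT = 0, NH_ROUTING = 43, NH_FRAGMENT = 44, NH_AH = 51, NH_DSTOPTS = 60 };

struct ip6_walk {            /* hypothetical result type for this example */
    uint8_t  upper_proto;    /* first Next Header value that is not an extension header */
    size_t   upper_off;      /* byte offset where that header (or fragment data) starts */
    int      fragmented, more_frags;
    uint16_t frag_off;       /* fragment offset in bytes */
    uint32_t frag_id;        /* what a defragmenter keys on, with src and dst */
};

/* Walk the chain; return 0 on success, -1 if truncated or malformed. Jumbograms not handled. */
int ip6_walk_headers(const uint8_t *p, size_t len, struct ip6_walk *out)
{
    if (len < 40 || (p[0] >> 4) != 6) return -1;
    size_t end = 40 + (((size_t)p[4] << 8) | p[5]);   /* fixed header + Payload Length */
    if (end > len) return -1;                         /* header claims more than was captured */
    uint8_t nh = p[6];
    size_t off = 40, hlen = 0;
    *out = (struct ip6_walk){0};
    /* Stop after a non-first fragment: what follows is mid-payload, not a header. */
    while (!out->frag_off && (nh == NH_HOPOPT || nh == NH_ROUTING || nh == NH_FRAGMENT ||
                              nh == NH_AH || nh == NH_DSTOPTS)) {
        if (off + 8 > end) return -1;                 /* every extension header is >= 8 bytes */
        if (nh == NH_AH) hlen = ((size_t)p[off + 1] + 2) * 4;   /* AH: 4-byte units minus 2 */
        else if (nh == NH_FRAGMENT) {
            hlen = 8;
            out->fragmented = 1;
            out->frag_off   = (uint16_t)(((p[off + 2] << 8) | p[off + 3]) & 0xFFF8);
            out->more_frags = p[off + 3] & 1;
            out->frag_id    = ((uint32_t)p[off + 4] << 24) | ((uint32_t)p[off + 5] << 16) |
                              ((uint32_t)p[off + 6] << 8) | p[off + 7];
        } else hlen = ((size_t)p[off + 1] + 1) * 8;   /* 8-byte units beyond the first 8 */
        if (off + hlen > end) return -1;              /* length field points past the packet */
        nh = p[off];
        off += hlen;
    }
    out->upper_proto = nh;
    out->upper_off = off;
    return 0;
}

/* Constructed sample: IPv6 (:: -> ::), Hop-by-Hop (PadN), Fragment (first, M=1), ICMPv6 echo */
static const uint8_t sample_pkt[64] = { [0] = 0x60, [5] = 24, [6] = NH_HOPOPT, [7] = 64,
    [40] = NH_FRAGMENT, [42] = 1, [43] = 4, [48] = 58, [51] = 1,
    [52] = 0x12, [53] = 0x34, [54] = 0x56, [55] = 0x78, [56] = 0x80 };
int main(void) {
    struct ip6_walk w;
    if (ip6_walk_headers(sample_pkt, sizeof sample_pkt, &w) == 0)
        printf("proto %u at offset %zu, frag id 0x%08x\n", w.upper_proto, w.upper_off, (unsigned)w.frag_id);
    return 0;
}
```

Every length field is checked against the IPv6 Payload Length before it is used, so a crafted extension header cannot move the decoder outside the captured buffer.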