| As network security becomes more and more important to all kinds of people, firewall and IDS (Intrusion Detection System) technologies have been more and more widely studied and applied. An IDS can remedy the shortcomings of the firewall: it can detect intrusion behavior from the network and take protective measures at the beginning of an intrusion. In short, intrusion detection is a very important network security technology. As the next generation of the Internet Protocol, IPv6 not only can perfectly solve the problem of IP addresses being exhausted very quickly, but is also stronger and more efficient than IPv4 in many respects, such as management, control, and network security. It is therefore very meaningful to develop an intrusion detection system for the IPv6 environment now. In this paper, the structural characteristics of the IPv6 protocols in the next-generation Internet are studied. Considering the two different protocols, IPv4 and IPv6, and based on an analysis of the new features and security issues of IPv6, the paper discusses the inadequacy of current IDSs in the IPv6 network environment and, because study and research on vulnerability attacks are still lacking, designs a strategy specifically to prevent vulnerability attacks. Existing vulnerability attacks and aggressive behaviors on IPv6 networks are collected, analyzed, and synthesized to obtain the characteristics of vulnerability attack behavior, which the IDS then handles through alarm and output processing. Finally, on the basis of this study of IDS under IPv6, an IDS for vulnerability attacks is designed, and a vulnerability attack simulation platform and a rule-processing module for vulnerability characteristics are designed and implemented. Compared with a traditional IDS, the system's main advantage lies in its ability to detect the presence of IPv6 network vulnerabilities and give timely warning of them, while also increasing the effectiveness of detection and the detection accuracy rate. |