
Design And Implementation Of Intrusion Detection System Based On IPv6

Posted on: 2009-11-26
Degree: Master
Type: Thesis
Country: China
Candidate: L Z Zhong
GTID: 2178360272957906
Subject: Computer application technology
Abstract/Summary:
Demands on network security keep growing along with the wide application of the Internet in every aspect of social life. As an active security technology, intrusion detection is the focus of much recent research.

In this thesis, the current research progress of intrusion detection is first introduced. The principles and workflow of an Intrusion Detection System (IDS) are explained by analyzing the intrusion detection software Snort, and the network security issues of IPv6 are then studied based on some of its characteristics. From this, the importance and urgency of researching and developing an IPv6-based IDS are argued.

By investigating the characteristics of the IPv6 protocol, the author identifies the problems of IPv6-based intrusion detection, of which the two key problems are protocol analysis and fragment reassembly. Based on research into IPv6 and IPv4/IPv6 transition technology, the author sets out a protocol analysis method for IPv6; an IPv6 fragment reassembly strategy is also given, with reference to the method of IPv4 fragment reassembly.

We then built the IPv6-based IDS on a Windows platform by extending Snort with a Packet Capture Module and an Output Module, giving five modules in total. Our innovations in each of them are as follows: in the Packet Capture Module, WinPcap captures packets from the network for subsequent analysis; in the Decoder Module, an IPv6 decoder based on analysis of the IPv6 protocol and supporting functions for IPv4/IPv6 transition technology are added; in the Preprocessors Module, the new function of detecting fragment attacks is added by inserting the author-coded IPv6 fragment reassembly preprocessor plug-in into the IDS; corresponding IPv6 detection rules to detect possible attacks in an IPv6 environment are added to the Detection and Analysis Module; in the Output Module, alert messages are stored in a MySQL database by output plug-ins so that they can be managed by network security administrators using graphical interfaces.

Finally, the IDS we built was tested on a test platform and demonstrated the ability to detect various kinds of attacks from IPv4 and IPv6. In the final part of this thesis we summarize the present work and propose directions for further research to strengthen our results.
Keywords/Search Tags:intrusion detection, Snort, IPv6, network security, protocol analysis, fragment reassembly