Research Of ART-2 Network In IPv6 Intrusion Detection System

Intrusion detection, one of the most critical technologies in dynamic security systems, plays a very important role in the deep defense hierarchy system of network, which is the key of the conversion from static defense to dynamic defense, and as well a powerful tool of forcibly implementing the security policy. With the increasing sophistication, diversification and automation attack tricks, traditional intrusion detection systems (IDS) can't any longer support the requirements of security. In order to withstand more and more frequent distributed, multi-objective, multi-stage network attacks and hacker behaviors nowadays, it is very important to incorporate advanced artificial neural network learning techniques and develop an effective and real time network intrusion detection system in the environment of next generation IPv6 protocols Internet.The dissertation mainly work is applying protocol analysis and Adaptive Resonance Theory (ART) to intrusion detection based on structure characters of IPv6 protocol. The dissertation first studies techniques of intrusion detection, and then systematically studies IPv4/IPv6 protocol analysis techniques based on decision tree algorithm and theories about classical ART-2 network combined with Principal Component Analysis (PCA) which is an effective approach for nonlinearity data analysis.A novel intrusion detection module PCA-MART2 is put forward according to analyzing classic ART-2 model and the characteristics of intrusion detection. With a combination of protocol analysis, set up an intrusion detection system framework. In protocol analysis module, it utilizes decision tree to decode and analyze IPv4/IPv6 data and the theory of information gain is used to class the rules of protocol. One or more decision trees are set up to optimize rules and the matching time of detection attack is cut down obviously. In order to make the clustering results orderly and hierarchical, the multi-layered ART-2 is designed to subdivide the imprecise clustering. The modified module improves the speed and accuracy of detection. PCA defines network behaviors relied upon the datagram and applied to feature selection about input samples. It can reduce the computational complexity of neural network effectively.In order to verify the validity of the system, several simulated experiments were carried on in IPv4/IPv6 environments. The results show that intrusion detection system based on ART-2 and protocol analysis work well in detecting potential attacks, especially decreasing the training/testing time.