Ipv6-based Network Intrusion Detection System Research And Design

With the fast development of Internet nowadays, people relay on the networks more and more seriously. At the same time, the events of unlawful users or hackers intruding into the information systems are more and more popular. Hence, to keep the network security becomes more and more important. With the understanding of attackers to network system more thorough, the tools and the means of attacking more complex, the traditional methods like firewall of passively keeping away from intrusion have many disadvantages. Intrusion detection is an initiative, active and real time network security technology. It has been studied widely. It is very important to develop an effective and real time network intrusion detection system in the environment of next generation IPv6 protocols InternetIn this paper, the structure characters of IPv6 protocols in next generation Internet are studied, and a new network intrusion detection system framework is designed based on protocol analysis technology. According to the differences between IPv4 and IPv6 protocols, the process of protocol demodulation and analyse is researched and put forward based on the analyzing of IPv6 packet header structure, address, spread header and safety mechanism. The unreasonable codes, malice codes and incomplete data packet can be detected from the collected data packets in IPv6 networks by protocol demodulation and analyse, then the characters and rules of network intrusion can be found and send to action output part to give and process the alarms. In the end, based on the research of the Snort system, a detailed designing scheme and implementation method of the network intrusion detection system based on protocol analysis in the environment of IPv6 networks are presented. The modules of packet capturing, protocol decoding, scan detecting and output are programmed and implemented. Compared to the traditional mode matching arithmetic, the virtues of this system are: supplying data to detection engine for IPv4/IPv6 networks, improving the detection validity and efficiency.