Intrusion Detection Analysis And Research. Ipv6 Network

Followed with fast developing of Internet in recently years, people more and more depend on the network. So the status of network security becomes very important. With the understanding of attackers to network system more thorough, the tools and the means of attacking more complex, the traditional methods like firewall of passively keeping away from intrusion have many disadvantages. As a kind of active defense technology, intrusion detection technology detects sorts of malicious attacks in time and responds when the net system is endangered. It is a reasonable supplement to traditional security technology such as firewall. As a new network security technology, intrusion detection technology has become the major concern of network security researching field nowadays.It is very important to develop an effective and real time network intrusion detection system in the environment of next generation IPv6 protocols Internet. In this paper, the structure characters of IPv6 protocols in next generation Internet are studied, and a new network intrusion detection system framework is designed based on protocol analysis technology. According to the differences between IPv4 and IPv6protocols, the process of protocol demodulation and analysis is researched and put forward based on the analyzing of IPv6 packet header structure, address, spread header and safety mechanism. The unreasonable codes, malice codes and incomplete data packet can be detected from the collected data packets in IPv6 networks by protocol demodulation and analysis, then the characters and rules of network intrusion can be found and send to action output part to give and process the alarms. In the end, based on the research of the Snort system, a detailed designing scheme and implementation method of the network intrusion detection system based on protocol analysis in the environment of IPv6 networks are presented. The modules of packet capturing, protocol decoding, scan detecting and output are programmed and implemented. Compared to the traditional mode matching arithmetic, the virtues ofthis system are: supplying data to detection engine for IPv4/IPv6 networks, improving the detection validity and efficiency.