
IPv6 Environment Attacks Based on FSM Description and Testing Research

Posted on: 2010-09-05
Degree: Master
Type: Thesis
Country: China
Candidate: X X Hu
Full Text: PDF
GTID: 2208360278979232
Subject: Computer application technology

Abstract/Summary:
The research in this paper was done under the project "Network Camouflaging Cooperative Security Model Research", which is supported by the National Natural Science Foundation of China under grant number 60503008.

As the core of the next-generation Internet, the IPv6 protocol effectively solves the address-shortage problem and makes many improvements over the original IPv4, including increased security, address auto-configuration, mobility, and improved performance. However, network attacks still exist under IPv6; they include not only some of the original attacks that target non-IP layers but also new ones that IPv6 introduces. Research on attacks, and on methods of detecting them, in the IPv6 environment therefore has important practical value.

After introducing the characteristics of IPv6 and current intrusion detection technology, we focus on analyzing the security problems of the IPv6 environment and the problems that existing intrusion detection systems have when detecting attacks there. We then propose a method of describing attacks based on the finite state machine (FSM) and give a detection algorithm based on this method. The basic idea is to analyze the attack scenario, break the attack into a procedure, extract the events and states associated with the attack, and use a finite state machine to describe it. So that detection is not limited to one particular attack, the states related to each event are obtained from the state transition function before detection begins, which makes up for the shortcoming of having to combine several state machines when finite state machines are used directly. When an event is detected, the states associated with it are matched against the current state of the system to determine the subsequent state, and incomplete matching is used to determine whether the attack has occurred.

State matching can ignore users' improper operations and abnormal situations that do not affect the system. Matching attacks with the incomplete-match method gives a warning as early as possible and avoids the missed alerts that can occur with complete matching. Assigning weights to the states in the attack model allows attacks whose steps occur in an uncertain order to be detected.

Based on Snort 2.8.3, we designed and implemented a prototype intrusion detection system for the IPv6 environment that uses the idea of describing attacks with finite state machines. Experiments verified the effectiveness of the system.
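The detection idea described in the abstract, sketched as an added example (not code from the thesis or from Snort). The states, events, weights and threshold are constructed assumptions, and summing the weights of reached states is one assumed reading of the incomplete match.

```python
from collections import defaultdict

# Hypothetical attack model: (source state, event, destination state).
# ev_a and ev_b may occur in either order, so both leave the start state S0.
TRANSITIONS = [
    ("S0", "ev_a", "S1"),
    ("S0", "ev_b", "S2"),
    ("S1", "ev_c", "S3"),
    ("S2", "ev_c", "S3"),
]
# Assumed per-state weights; S3 is the final (attack complete) state.
WEIGHTS = {"S0": 0.0, "S1": 0.3, "S2": 0.3, "S3": 0.4}
THRESHOLD = 0.6  # assumed alert threshold for the incomplete match


def build_event_index(transitions):
    """Before detection: precompute event -> [(src, dst)] from the transition function."""
    index = defaultdict(list)
    for src, event, dst in transitions:
        index[event].append((src, dst))
    return index


def detect(events, index=None, weights=WEIGHTS, threshold=THRESHOLD):
    """Return (position of the event that raised the alert, or None; final score)."""
    index = index or build_event_index(TRANSITIONS)
    reached = {"S0"}
    score = 0.0
    for pos, event in enumerate(events):
        for src, dst in index.get(event, ()):
            # State match: an event advances the model only if its source
            # state has already been reached; anything else is ignored.
            if src in reached and dst not in reached:
                reached.add(dst)
                score += weights[dst]
        # Incomplete match: alert once enough weighted states are reached,
        # without waiting for the final state S3.
        if score >= threshold - 1e-9:
            return pos, round(score, 2)
    return None, round(score, 2)
```

With the constructed stream `["noise", "ev_b", "noise", "ev_a", "ev_c"]` the alert is raised at `ev_a`, before the final state is reached, while an isolated `ev_c` is ignored because none of its source states has been reached.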
Keywords/Search Tags: IPv6, FSM, Intrusion-Detection, incomplete match