
The Design Of Intrusion Detection System For IPv4-IPv6 Transition Technology Based On CIDF

Posted on: 2012-08-28
Degree: Master
Type: Thesis
Country: China
Candidate: H H Ren
GTID: 2218330368488753
Subject: Computer application technology
Abstract/Summary:
With the improvement of network technology, the Internet has become a part of our world over the past twenty years, but the continuing expansion of the network has also brought many problems, especially the shortage of IP addresses. The introduction of the IPv6 protocol provides a solution for the network's continued development and has been widely recognized. IPv6 not only has a large address space but also improves on IPv4 through a simplified header, high quality of service, and mobility, and it will play an active role in practical applications. At present the global IP addresses have all been allocated, and it is a fact that the network will move into the age of IPv6. However, in the coming years most users and applications will continue to use the IPv4 protocol, and the transition period in which IPv4 and IPv6 coexist will last a long time, so it is necessary to link IPv4 networks and IPv6 networks. There are three main transition methods: dual stack, tunnel, and NAT-PT; they provide communication between the different protocols.

At the same time, network security is becoming more and more important, and a variety of Internet intrusion events seriously affect the normal use and improvement of the network. Intrusion detection is a good way to detect network attacks, but traditional detection systems mainly target data carried over the IPv4 protocol and do not have mature detection methods for the IPv6 protocol and the transition methods. As the next-generation Internet protocol IPv6 is applied more and more, the transition technologies between IPv4 and IPv6 will be widely used in the process, and they will introduce new challenges to network security. This paper first introduces the improvements from IPv4 to IPv6 and analyzes the security risks under the transition mechanisms, then makes a detailed study of different types of intrusion detection models.
Finally, we design an intrusion detection system based on the CIDF framework to address the hidden dangers of the transition technologies; the system is formed of five related modules. The packet capture module obtains the data we need, and this paper uses zero copy and the PF_RING socket to adapt to high-speed networks. The protocol analysis module is premised on the high regularity of network protocols; it analyzes every layer of the TCP/IP stack, and the research focuses mainly on how to identify tunnel packets. We design corresponding data structures to save the header information of every layer. In the rule match module we use keywords to call the detection functions, and we design an index match strategy that places the rules that match more often than others at the front, which greatly increases matching efficiency. Lastly, the system has some response actions and can record the data of packets that carry an attack attempt. Experimental results in a LAN verify that the system can detect the security threats of tunnel packets and that detection efficiency is clearly higher than before, which verifies the correctness of the system.
Keywords/Search Tags:IPv6, Transition Technology, Intrusion Detect, Rule Match
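
The protocol analysis step described in the abstract (identify a tunnel packet and save the header fields of each layer) is sketched below as an added example in C; it is not code from the thesis. It assumes the tunnel is IPv6-in-IPv4 (IPv4 protocol number 41) and adds one illustrative rule, a 6to4 source consistency check. `pkt_info`, `analyze_ipv4` and `make_sample` are hypothetical names, and the sample packet is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Per-layer header record filled by the analysis step (hypothetical names). */
struct pkt_info {
    uint8_t outer_proto;      /* IPv4 Protocol field */
    uint8_t is_tunnel;        /* 1 = IPv6-in-IPv4 (protocol 41) */
    uint8_t inner_next_hdr;   /* Next Header of the encapsulated IPv6 packet */
    uint8_t mismatch_6to4;    /* 1 = 2002::/16 source does not embed outer source */
    uint8_t v4_src[4], v6_src[16], v6_dst[16];
};

/* Returns 0 on success, -1 if the capture is truncated, -2 if malformed. */
int analyze_ipv4(const uint8_t *p, size_t len, struct pkt_info *out)
{
    memset(out, 0, sizeof *out);
    if (len < 20) return -1;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;
    size_t total = ((size_t)p[2] << 8) | p[3];
    if ((p[0] >> 4) != 4 || ihl < 20 || total < ihl) return -2;
    if (total > len) return -1;
    out->outer_proto = p[9];
    memcpy(out->v4_src, p + 12, 4);
    if (p[9] != 41) return 0;              /* ordinary IPv4, no tunnel */
    const uint8_t *in = p + ihl;           /* encapsulated IPv6 header */
    if (total - ihl < 40) return -1;
    if ((in[0] >> 4) != 6) return -2;
    out->is_tunnel = 1;
    out->inner_next_hdr = in[6];
    memcpy(out->v6_src, in + 8, 16);
    memcpy(out->v6_dst, in + 24, 16);
    /* A 6to4 source 2002:AABB:CCDD::/48 should embed the outer IPv4 source. */
    if (in[8] == 0x20 && in[9] == 0x02 && memcmp(in + 10, p + 12, 4) != 0)
        out->mismatch_6to4 = 1;
    return 0;
}

/* Constructed 60-byte sample: 192.0.2.1 -> 192.0.2.2 carrying IPv6 (TCP) from a 6to4 source. */
void make_sample(uint8_t *b, const uint8_t embedded[4])
{
    memset(b, 0, 60);
    b[0] = 0x45; b[3] = 60; b[8] = 64; b[9] = 41;    /* v4, IHL 5, length 60, proto 41 */
    memcpy(b + 12, "\xc0\x00\x02\x01\xc0\x00\x02\x02", 8);
    b[20] = 0x60; b[26] = 6; b[27] = 64;             /* v6, Next Header 6 (TCP) */
    b[28] = 0x20; b[29] = 0x02; memcpy(b + 30, embedded, 4);
    memcpy(b + 44, "\x20\x01\x0d\xb8", 4); b[59] = 1; /* destination 2001:db8::1 */
}
```

The IPv4 header checksum and IPv6 extension headers are not examined here; a rule match stage would read the saved fields from `pkt_info`.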