Research And Implementation Of Intrusion Detection System In IPv6Environment

Intrusion detection technology is an important network security technology, and it is another barrier besides firewall. As the active protection system, an intrusion detection system is an essential part of a network security system. Currently, in IPv4networks there are many security issues which also exsit in IPv6networks. Therefore, the study of an intrusion detection system under IPv6is a technic of practical significance.This thesis designes IPv6network intrusion detection system, and its main achievement is that this thesis finishes the pattern matching and protocol analysis. Accordingly, the intrusion under IPv6can be detected. Frame capture is implemented by improving the Libpcap library, and protocol analysis is achieved by extending Snort.The regularity of the protocol is utilized when pattern matching and combining with the string pattern matching algorithm’s are implemented.According to the advantages of AC algorithm and the BM algorithm,which is an innovative applications of AC-BM algorithm in IPv6IDS. AC-BM is an algorithm that matches the string that is changed into a finite tree state auto machine like the Aho-Corasick Algorithm, while it is not based on the string suffix but prefix, detect known attack characteristics, which is greatly improve the accuracy of the system. IPv6Intrusion Detection System is divided into five modules:frame capture module, IPv6protocol analysis module, IPv6rules preprocessing module, IPv6feature detection module and output module. Finally this thesis implements each module in the Linux environment, and the test suggests intrusion detection system is efficient and accurate when it detects intrusion in the IPv6network.This thesis studies the differences between IPv4and IPv6, and the distinctions between IPv4and IPv6network intrusion detection system, through the difference proposed IPv6intrusion detection system architecture and detailed design. Then it designs each module in graphic details, deploys the network experiment environment and implements the IPv6intrusion detection systems. Finally, test results propose that the system can accurately detect network attacks under IPv6and output the alarm information. Although there are some deficiencies, the IPv6intrusion detection system will be widely applied in the future according to the present and future promotion of IPv6.Consequently, it is necessary to design a perfect intrusion detection system.