Research Of Intrusion Detection System In IPv6High Speed Network

Comparing with IPv4Protocol, the IPSec protocol is implemented as part of IPv6protocol, which enhances the security of network level. But with the application of IPv6network, more and more hidden dangers of IPv6protocol has appeared. More people gradually focus on the network attacks which aims at IPv6protocol.Intrusion detection system is a very effective tool for security of network. It has palyed an irreplaceable role in IPv4network for many years. IPv6network also needs its protection. Because of IPv6not compatible with IPv4and has its own security feature, the existing IPv4intrusion detection system can’t play its due role in IPv6network. So it is necessary to do some researching on IPv6intrusion detection system.Basing on the researching of famous open source intrusion detection system Snort in IPv4network, combining with the high speed feature of IPv6network and the IPv6network attacks, this paper gives an overall design and implementation mechanism for intrusion detection system in IPv6high speed network. The major works are done as follows:1、Researching on security problems in IPv6network, focusing on the security vulnerabilities of IPv6protocol itself and attacks arising from these security vulnerabilities. This paper makes a detailed elaboration on holes of IPv6routing extension header, IPv6fragment attacks, Flood attacks, DoS attacks of IPv6Neighbor Discovery Protocol and the security problem caused by IPV4/IPv6tunnel transition mechanism.2、Combining with the high speed feature of IPv6network, this paper does a deep researching on the traditional technology of packet capturing Libpcap which bases on PF_PACKET、PACKET_MMAP、PF_RING socket and the performance bottlenecks causing by these sockets, then this paper makes an improvement on the packet capture module of Snort with the Zero-Copy technology, which effectively improves the packet capture efficiency in IPv6high speed network.3、Aiming at the lack of current version Snort on parsing IPv6packets, this paper makes an improvement on the packet analysis module of Snort with the IPv6protocol analysis technology, implements the parsing functions of IPv6fixed header, IPv6extension headers and IPv6-in-IPv4、IPv4-in-IPv6tunnel packets. A new module called Internal Protected System Module is designed and implemented. Working together with the new added module, the packet analysis module can detects the attacks that use the holes of IPv6routing extension header. 4、Researching and improving on the alert messages output module and analysis console for intrusion databases of Snort, implement the function of IPv6intrusion messages stored in MySQL database, showed and analyzed on Web interface of basic analysis and security engine.Currently there is lack of mature commercial IPv6intrusion detection system, existing open source softwares also can’t support IPv6or limitedly support IPv6. This paper gives a overall design for intrusion detection system in IPv6high speed network, basing on Snort. Each relational module of this system is detailed designed and implemented, forming a basically complete intrusion detection system in IPv6high speed.The IPv6intrusion detection system which is completed by this paper can be effectively used in IPv4/IPv6transition network or pure IPv6network. This paper has provided some practical reference values for further researching of IPv6intrusion detection system.