Design And Implementation Of Protocol Analysis In Intrusion Detection System Based On IPV6

Over the past few years, the technology of Internet is developed at full speed all over the world. But for the TCP/IP and some application protocols as HTTP, FTP etc were designed in a condition that security wasn’t concerned, this make the TCP/IP system easy to be attacked.The Intrusion Detection System inspects the contents of network traffic to look for and deflect possible attacks. As network attacks have increased in numbers and severity over the past few years, intrusion detection systems have become a necessary addition to the security infrastructure.With the development of IPv6, especially during the course of transition from IPv4 to IPv6, there are many new problems to be faced and need to be solved when doing research on IPv6 intrusion detection. The early developed IPv4 intrusion detection systems cannot prevent this type of attacks effectively. Now by far the research of IPv6 Intrusion Detection System is brand new to us. Therefore, the study of IPv6 intrusion detection systems has high theoretic importance and practical value.There are many aspects to be studied in IPv6 intrusion detection, and use the protocol analysis technology to build the Intursion Detection System which suitable for pure IPv6 and the period that IPv4 transite to IPv6. We studied on this, and the paper mainly worked in the follows;Compared the IPv6 header with IPv4 header, analyzed the possibility of analyzing IPv4/IPv6 dual-protocol in a single system.Put forward a structure of Intrusion Detection System, and analyzed how to build the system.Analysised some important headers as: TCP, IPv6 etc. Summarized the characters and requirements of protocol analyzing.Analyzed the importance of fragments in intrusion detection. Researched on how to get intrusion characters from fragments. Use an intrusion description language which based on protocol analysis to describe the characters of intrusion detection, and studied how to translate the rules, so that it can be understanded by the detection module.Build the detection programs of fragment attack and port scan on IPv6, and designed the detection engine that bases on rules.The paper puts out an Intrusion detection system by the technology of protocol analysis, build an IPv4/IPv6 enviroment by Use of IPv6 to IPv4 tunnel. to and get packets in the system. As analyzed the packets, the paper put out the process of packet header analyzing. Use a protocol analysis based Intrusion discirption language to discirbe the intrusion characters, defined the rules of intrusion description language.