Research On Campus Network Intrusion Detection System Based On IPv6

IPv6 is on the basis of IPv4, in order to solve the IPv4 network address space is not enough, as well as some of the security issues in the IPv4 network developed. IPv6 through the IPSec technology can better improve network security, while using 128 bit address length, can greatly expand the network address space. In the research of this paper, we mainly take a college campus network in China as an example, to study the intrusion detection system of campus network based on IPv6.Campus network is one of the user group most of the local area network, due to the characteristics of campus network group oriented, campus network with Internet features numerous equipment, open network environment, campus network user groups are active, the proliferation of pirated software resources, network data type of complex and IPv4 and IPv6 long-term coexistence, in the light of the characteristics of the college campus network intrusion detection system must meet to achieve the detection of IPv4 and IPv6 network, have certain network transmission efficiency of data detection and for the construction of distributed demand.Through the analysis of the characteristics of the university campus network intrusion detection system, this paper based on the Snort tool, using the distributed structure to carry out the IPv6 campus network intrusion detection system design. After the intrusion detection system for campus network of IPv4 network data packets and IPv6 packets through the network sniffer, IPv4 network and IPv6 network data packet data packet preprocessing, useful data extraction and integration into a common data structure, and the network data through the analysis of abnormal event detection engine the analyzer and misuse detection engine, at the same time using K-means clustering algorithm for clustering analysis of network data, found that the potential threat not included in the rule base which, at the same time using on the abnormal network data for data mining Aprior algorithm, find the contained rules, enrich the rule base of intrusion detection system.Through analysis based on campus network structure characteristics, as well as on campus network intrusion detection system specific functional requirements, mainly through to existing open source Snort Intrusion Detection System Transformation to realize campus network IPv4 network packets and IPv6 network data package of intrusion detection. At the same time, based on intrusion detection system by rule pattern matching to detect the network potential security risk by the Snort Intrusion detection system rule base structure optimization and the rule patterns matching algorithm optimization to improve the performance of the intrusion detection system.By the end of experiment based on IPv6 Campus Network Intrusion Detection System(IDS) results show that the IPv6 Campus Network Intrusion detection system can detect the network based on the existence of security risks, and through linkage with the firewall system to provide high network security, reduce the transmitted in the campus network intrusion data, while the Snort rules base structure and rule matching algorithm optimization has also been shown can better improve the intrusion detection system detection performance.