| Followed with fast developing of Internet in recently years, people more and more depend on the network. So the status of network security becomes very important. With the understanding of attackers to network system more thorough, the tools and the means of attacking more complex, the traditional methods like firewall of passively keeping away from intrusion have many disadvantages. As a kind of active defense technology, intrusion detection technology detects sorts of malicious attacks in time and responds when the net system is endangered. It is a reasonable supplement to traditional security technology such as firewall. As a new network security technology, intrusion detection technology has become the major concern of network security researching field nowadays.As the next generation of Internet Protocol, IPv6 not only can perfectly solve the problem that IP address will be exhausted very fast, but also is stronger and more-efficient than IPv4 on such a lot of performance as the management, controls, network security, etc. .But it is still in the experimental phase now. Therefore it is very meaningful to develop the intrusion detection system under IPv6 environment now.It is very important to develop an effective and real time network intrusion detection system in the environment of next generation IPv6 protocols Internet. In this paper, the structure characters of IPv6 protocols in next generation Internet are studied and a new network intrusion detection system framework is designed based on protocol analysis technology. According to the differences between IPv4 and IPv6 protocols, the process of protocol demodulation and analysis is researched and put forward based on the analyzing of IPv6 packet header structure, address, spread header and safety mechanism. The unreasonable codes, malice codes and incomplete data packet can be detected from the collected data packets in IPv6 networks by protocol demodulation and analysis, and then the characters and rules of network intrusion can be found and send to action output part to give and process the alarms. In the end, based on the research of the Snort system, a detailed designing scheme and implementation method of the network intrusion detection system based on protocol analysis in the environment of IPv6 networks are presented. The modules of packet capturing, protocol decoding, scan detecting and output are programmed and implemented. Compared to the traditional mode matching arithmetic, the virtues of system are: supplying data to detection engine for IPv4/IPv6 networks, improving detection validity and efficiency. |
PDF Full Text Request