Research On Network Forensics Based On Intrusion Detection In IPv6 Environment

Posted on: 2019-08-29
Degree: Master
Type: Thesis
Country: China
Candidate: Y Zhang
Full Text: PDF
GTID: 2428330551456588
Subject: Computer application technology

Abstract/Summary:
Network forensics is a set of activities that collect and analyze evidence of computer crime, using dynamic defense methods to discover network crime. It detects intrusions into a network system mainly by monitoring and analyzing network traffic, audit trails and host system logs in real time; it can automatically record criminal evidence and prevent further intrusion of the network system. Intrusion forensics combines intrusion detection with network forensics. Because the IPv4 address space is nearly exhausted, the transition from IPv4 to IPv6 has become unavoidable, and applications based on IPv6 will strongly influence network forensics technology. The main work of this research on network forensics based on intrusion detection in an IPv6 environment is as follows:

1. Research on methods and key technologies of network forensics based on intrusion detection. After analyzing and comparing different network forensics methods, and drawing on existing results on indicator processing in network forensics, various network data flows in a pure IPv6 network were collected and partitioned by dimension. Wireshark is used to capture packets, and protocol analysis is used to parse them. Information entropy is used to quantify the data and extract feature parameters, reducing the dimensionality. The Chameleon clustering algorithm is improved to overcome two of its defects, namely that it considers only a limited set of distance factors between data points and that a merge, once made, cannot be undone, by selecting multi-dimensional factors, representing data points as vectors, and using the Euclidean distance between them. The cluster analysis algorithm can then be used to analyze the characteristics of the data stream and effectively determine whether a network intrusion has occurred.

2. Construction of a network forensics model based on intrusion detection. This paper compares the advantages and disadvantages of several forensic models and selects the network forensics method based on protocol analysis. Protocol analysis and clustering algorithms are combined into a method for analyzing network intrusions that covers the whole process from parameter extraction to clustering. Protocol analysis, quantification, parameter extraction and cluster analysis of network packets overcome the problem that different parameters have different types and value ranges, and the algorithm analyzes data in real time.

3. Based on the theoretical analysis, a Hadoop parallel computing platform was built on Linux to perform data preprocessing, data quantification and feature parameter extraction, and Clementine 12.0 data analysis software was set up on Windows to perform model building and mining. The proposed method not only performs well in IPv6 intrusion detection but can also aggregate unknown attacks. It can effectively obtain timely, critical and valid electronic evidence and preserve it for legal proceedings.
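As an added illustration (not code from the thesis), the following Python script shows the pipeline sketched above in miniature: per-window Shannon entropy of packet fields as normalized feature parameters, Euclidean distance between the resulting vectors, and clustering to isolate an anomalous window. It uses constructed IPv6 packet tuples rather than a Wireshark capture, and a plain single-linkage agglomerative clustering stands in for the improved Chameleon algorithm; the host addresses, ports, window size and the 0.3 merge threshold are all assumptions.

```python
import math
from collections import Counter

# Constructed sample traffic (not from the thesis): each packet is a tuple
# (src, dst, next_header, dst_port); each window holds 16 packets.
HOSTS = ["2001:db8::10", "2001:db8::11", "2001:db8::12", "2001:db8::13"]
SERVERS = ["2001:db8:1::80", "2001:db8:1::443", "2001:db8:1::53"]
PORTS = [80, 443, 53]


def make_normal_window(seed):
    """Ordinary client/server traffic: several sources, several services."""
    pkts = []
    for i in range(16):
        k = (i + seed) % 3
        proto = 17 if PORTS[k] == 53 else 6      # UDP for DNS, TCP otherwise
        pkts.append((HOSTS[(i + seed) % 4], SERVERS[k], proto, PORTS[k]))
    return pkts


def make_scan_window():
    """One (assumed) source probing one server on 16 different TCP ports."""
    return [("2001:db8::66", SERVERS[0], 6, 1 + p) for p in range(16)]


def normalized_entropy(values):
    """Shannon entropy of a symbol sequence, scaled to [0, 1] by log2(n)
    so that fields with different value ranges become comparable."""
    n = len(values)
    if n < 2:
        return 0.0
    counts = Counter(values)
    h = -sum(c / n * math.log2(c / n) for c in counts.values())
    return h / math.log2(n)


def window_features(packets):
    """Feature vector: entropy of src, dst, next header and dst port."""
    return tuple(normalized_entropy([p[i] for p in packets]) for i in range(4))


def euclidean(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def cluster_windows(windows, threshold):
    """Single-linkage agglomerative clustering over window feature vectors.
    Returns lists of window indexes; clusters closer than threshold merge."""
    vecs = [window_features(w) for w in windows]
    clusters = [[i] for i in range(len(vecs))]
    while True:
        best = None
        for a in range(len(clusters)):
            for b in range(a + 1, len(clusters)):
                d = min(euclidean(vecs[i], vecs[j])
                        for i in clusters[a] for j in clusters[b])
                if d < threshold and (best is None or d < best[0]):
                    best = (d, a, b)
        if best is None:
            return clusters
        _, a, b = best
        clusters[a] = clusters[a] + clusters[b]
        del clusters[b]


def suspicious_windows(windows, threshold=0.3):
    """Indexes of windows that end up alone in a cluster (candidate intrusions)."""
    return sorted(c[0] for c in cluster_windows(windows, threshold) if len(c) == 1)


if __name__ == "__main__":
    wins = [make_normal_window(s) for s in range(3)] + [make_scan_window()]
    for i, w in enumerate(wins):
        print(i, [round(f, 3) for f in window_features(w)])
    print("clusters:", cluster_windows(wins, 0.3))
    print("suspicious:", suspicious_windows(wins))
```

The three normal windows produce nearly identical vectors (source entropy 0.5, port entropy about 0.39) and merge, while the scan window collapses to zero entropy on source, destination and protocol but maximal entropy on destination port, so it stays a singleton. The thesis's Chameleon variant replaces this single-linkage merge rule with its own multi-factor distance and undoable merges; the feature-extraction step is what this block is meant to show.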
Keywords/Search Tags:IPv6, protocol analysis, network forensics