
Research On Several Key Technologies Of Intrusion Detection System Based On IPv6

Posted on: 2021-03-17
Degree: Master
Type: Thesis
Country: China
Candidate: Y Q Wu
GTID: 2428330647458908
Subject: Computer technology
Abstract/Summary:
With the rapid deployment of IPv6 networks, the security problems of IPSec technology in the IPv6 protocol have gradually emerged and become a hot research topic. As a network security protection technology, intrusion detection is an important means of solving security problems. Research on the key technologies of an IPv6-based intrusion detection system is therefore of great practical significance to network information security.

This paper uses the open source Snort Intrusion Detection System (IDS) as its main research platform. However, Snort cannot detect unknown intrusion behavior, its self-learning ability is limited, and it cannot effectively detect IPv6 data flows and encrypted IPSec data packets, so its detection rate is low and its stability is poor. In view of these problems, this paper combines the characteristics of IPv6 protocol technology to study the related technologies of intrusion detection systems as follows.

There are different intruded objects in a network, such as specific network devices (hosts and routers) and the network as a whole. Different intruded objects and intrusion behaviors call for different detection methods and technologies. Aiming at these different intruded objects and intrusion behaviors, and based on the shortcomings of the Snort system, this paper designs a Multi Object intrusion detection method to effectively detect intrusion behaviors and abnormal behaviors in the network. The core of this method is a new string search algorithm, DAC-BMY, proposed on the basis of an analysis and comparison of three classical pattern matching algorithms: KMP, BM and AC. This algorithm greatly improves string matching efficiency and detection performance. The Multi Object intrusion detection method also integrates protocol analysis technology based on information entropy, which greatly reduces the matching computation through dimension reduction.

In this paper, the Multi Object intrusion detection method is used to redesign and implement the preprocessing plug-in and protocol parsing modules of the open source Snort system, and an independent IPSec packet detection capability for IPv6 encryption is added, forming a new, improved Multi Object Intrusion Detection System based on Snort, called MIDS for short. The MIDS system has four subsystems: a network-based intrusion detection subsystem (integrated and improved from the original Snort), a host-based intrusion detection system (new), a response subsystem, and a monitoring subsystem (inherited from the original Snort). They are respectively responsible for packet capture, packet analysis, preprocessing, the detection engine, alarm output and other functions.

Experiments show that the MIDS system works normally. In addition, the Multi Object intrusion detection method significantly improves the matching efficiency and performance of the intrusion detection system, reduces the matching workload, solves the problem that the Snort system cannot effectively detect IPv6 data flows and encrypted IPSec data packets, and strengthens Snort's self-learning ability. System performance and stability are improved.
Keywords/Search Tags:IPv6, MIDS, pattern matching, protocol analysis