

Research and Application of Intrusion Detection System with Protocol Analysis Technology Based on IPv6

【Author】 徐林 (Xu Lin)

【Advisor】 姚国祥 (Yao Guoxiang)

【Author information】 Jinan University (暨南大学), Computer Application Technology, 2006, Master's degree

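【Abstract】 Society has entered the information age, and the network has become an indispensable part of people's lives. Through the network, people can obtain all kinds of information quickly and conveniently, communicate easily with people around the world, and more readily advance science and technology. However, precisely because of the network's openness, reach and convenience, network security has increasingly become a focus of concern. The Internet currently uses the IPv4 protocol. With the rapid development of network technology, hacking techniques are also changing day by day, and the inherent flaws of IPv4 are increasingly prominent. To better meet the needs of future network development and network security, the IETF proposed the IPv6 protocol, and the replacement of IPv4 by IPv6 is the general trend. Because IPSec is mandatory in IPv6, IPv6 will be more secure than IPv4, but network intrusion attacks will still exist. To better safeguard network security, building an intrusion detection system under IPv6 is essential. Intrusion detection is a dynamic means of security protection: it actively looks for signs of intrusion and protects the network system against external attacks, internal attacks and operator error. Through analysis and study of intrusion detection systems under IPv4, this thesis makes a preliminary exploration of intrusion detection systems under IPv6. First, it analyzes and studies packets under IPv6, in particular the basic header, the extension headers and the ICMPv6 protocol. Second, it adopts protocol analysis as the IDS detection technique. Protocol analysis is currently the newest detection technique; it exploits the highly regular structure of network protocols to quickly detect known and not-yet-discovered system vulnerabilities and attacks, greatly improving the accuracy and performance of the IDS. In general, an intrusion detection system comprises four modules: the packet capture module, the protocol parsing module, the rule matching module and the output control module. Drawing on the detection techniques of Snort, a lightweight network-based intrusion detection system, this thesis builds a basic framework for an intrusion detection system that uses protocol analysis under IPv6. It mainly implements the packet capture module and the functions in the protocol parsing module that parse some of the protocols; in addition, it designs the execution model of the rule matching module, analyzes and improves the structure of the two-dimensional rule linked list, and makes a useful exploration of porting the intrusion detection system across platforms.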

【Abstract】 The network has become indispensable in today's information-based society. Using the Internet, people can obtain all kinds of information quickly and conveniently, communicate with others anywhere in the world, and more easily promote the progress and development of science and technology. However, the openness, universality and convenience of the network have made its security problems a focus of attention. At present, the Internet uses the IPv4 protocol, while hacking techniques change along with the rapid development of network technology, so the deficiencies of IPv4 are increasingly obvious. To meet the requirements of future network development and security, the IETF proposed the IPv6 protocol, which will ultimately replace IPv4. Compared with IPv4, IPv6 will be more secure because the use of IPSec is mandatory in IPv6, but network intrusion will still exist. To protect the security of the Internet more effectively, an intrusion detection system under IPv6 must be established. An intrusion detection system (IDS) is an active security defense mechanism. It searches for signs of intrusion and offers protection against external attacks, internal attacks and operator error. This thesis analyzes and studies intrusion detection systems under IPv4 and carries out a preliminary exploration of intrusion detection systems under IPv6. First, the analysis and research focus on data packets under IPv6, especially the basic header, the extension headers and the ICMPv6 protocol. Second, protocol analysis is adopted as the detection technique of the IDS. It is the newest detection technique: by exploiting the high regularity of network protocols, it can quickly detect known and unknown vulnerabilities and attacks, and consequently improves the accuracy and performance of the IDS to a large degree.
Generally, there are four modules in an intrusion detection system: a packet capture module, protocol

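【Keywords】 network security; intrusion detection; IPv6; protocol analysis
【Key words】 Internet security; intrusion detection; IPv6; protocol analysis
  • 【Online publication contributor】 Jinan University (暨南大学)
  • 【Online publication year and issue】 2007, Issue 05
  • 【Classification number】 TP393.08
  • 【Times cited】 7
  • 【Downloads】 280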