
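Design of an Intrusion Detection System Model for the IPv6 Environment
Cite this article: Zhang Bo, Li Weihua, Shi Xingjian, Wang Wenqi. Design of an Intrusion Detection System Model for the IPv6 Environment [J]. Journal of Northwestern Polytechnical University, 2005, 23(1): 79-83.
Authors: Zhang Bo, Li Weihua, Shi Xingjian, Wang Wenqi
Affiliation: School of Computer Science, Northwestern Polytechnical University, Xi'an, Shaanxi 710072
Funding: Supported by the National 863 Program (2003AA142060), the National Network and Information Security Assurance Sustainable Development Program (2004-研1-917-C-020), and the Xi'an Municipal Key Research Project (GG04017)
Abstract: IPv6, as the network protocol of the next-generation Internet, poses new challenges for information security, and intrusion detection technology also needs to develop further. In response, an intrusion detection system model for the IPv6 environment (IDSMIPv6) is proposed. Key techniques including traffic analysis, network blocking, disaster recovery, IP traceback, fast packet capture and high-speed address matching are discussed, and coordination techniques are used to achieve overall control of the modules. Intrusion detection system software for the IPv6 environment built on this system model has been well validated in practice.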

Keywords: intrusion detection; IPv6; network security
Article ID: 1000-2758(2005)01-0079-05
Revised manuscript received: April 12, 2004

Study on Intrusion Detection and Prevention Based on IPv6 Internet
Zhang Bo, Li Weihua, Shi Xingjian, Wang Wenqi. Study on Intrusion Detection and Prevention Based on IPv6 Internet [J]. Journal of Northwestern Polytechnical University, 2005, 23(1): 79-83.
Authors: Zhang Bo, Li Weihua, Shi Xingjian, Wang Wenqi
Abstract: The next-generation protocol IPv6 (Internet Protocol version 6) brings a new challenge to information security. We present an intrusion detection system model based on the IPv6 Internet (IDSMIPv6) to address this challenge. The model consists of five modules: intruder tracking, data flow analysis, disaster recovery, rapid packet capture and address matching, and network blocking. Coordination and interaction techniques are introduced into the modules to realize coordinated control among them. The Intrusion Detection System (IDS) based on this model builds an IPv6 signature library that supports the IPv4/IPv6 protocols and the transition mechanism. Simulations show that the false-negative rate of an IDS based on this model is around 5% and the false-positive rate is around 8% at a speed of 100M. Data capture is based on dynamic cataloging analysis and parallel data processing. The data-capture subsystem, which is made up of several detectors and an analyser, can capture all packets for analysis with five hosts at a speed of 400M or seven hosts at a speed of 800M. The intruder-tracking module can record the source of a hacker at any time and supports an extensible source-IP validation library and location mechanism; moreover, it provides some analysis and prediction in visual form. If the LAN suffers a severe large-scale intrusion, the system cuts off the sub-network using a block-out algorithm.
Keywords: intrusion detection; IPv6; network security
This article is indexed in CNKI, VIP, Wanfang Data and other databases.