IPv6下基于Snort的入侵检测系统研究
发布时间:2018-11-19 11:39
【摘要】:以Internet为基础的全球互联网对人们的生活产生了巨大的影响,随着互联网的发展,,其开放性、共享性和互联程度不断扩大,网络的重要性和对社会的影响也越来越大。网络安全问题显得越来越重要。入侵检测是检测和识别计算机系统和网络系统,或者更广意义上的信息系统非法攻击,或者违反安全策略事件的过程,它从网络环境中采集数据,分析数据,发现可疑攻击行为或者异常事件,并采取一定的响应措施拦截攻击行为,降低可能的损失。目前,基于IPv4的入侵检测系统(IDS,intrusion detection system)已有较为广泛的应用,但由于IPv6网络还未开始大范围部署,因而基于IPv6的入侵检测系统多处于研究阶段。 该课题在深入分析IPv4网络中的入侵检测系统的基础上,通过对IPv6网络攻击,以及IPv6仍需面临的网络威胁的研究,并结合IPv6协议分析、以及基于规则的特征匹配等入侵检测技术,提出了IPv6网络入侵检测系统的总体设计方案。 该课题重点研究、设计并实现了总体方案中的终端级IPv6网络入侵检测系统。该系统是以分析开源的轻量级网络入侵检测系统——Snort为基础,并在Snort系统中加入基于IPv6协议分析技术和基于IPv6规则的特征匹配技术的原理上设计实现的。随后根据终端级IPv6入侵检测系统的设计框图,详细研究、设计并实现了IPv6数据包的捕获模块、IPv6协议解析模块、IPv6预处理模块、IPv6规则解析与IPv6特征检测匹配模块等六大模块。该课题的研究,对于IPv6的入侵检测技术有一定的参考价值。
[Abstract]:The global Internet based on Internet has a great impact on people's life. With the development of Internet, its openness, sharing and interconnection are expanding, and the importance of the network and its impact on the society are becoming more and more great. The problem of network security is becoming more and more important. Intrusion detection is the process of detecting and identifying computer system and network system, or, in a wider sense, information system illegal attack, or violation of security policy event. It collects data from network environment and analyzes data. The suspicious attack behavior or abnormal event is found, and some response measures are taken to intercept the attack behavior to reduce the possible loss. At present, the intrusion detection system (IDS,intrusion detection system) based on IPv4 has been widely used, but because the IPv6 network has not been deployed on a large scale, most of the intrusion detection systems based on IPv6 are in the research stage. On the basis of deeply analyzing the intrusion detection system in IPv4 network, this paper studies the network attack of IPv6 and the network threat that IPv6 still faces, and combines with the analysis of IPv6 protocol, and the intrusion detection technology such as rule-based feature matching, etc. The overall design scheme of IPv6 network intrusion detection system is put forward. This paper focuses on the research, design and implementation of the terminal level IPv6 network intrusion detection system. The system is based on the analysis of open source lightweight network intrusion detection system (Snort) and the principle of adding IPv6 protocol analysis technology and IPv6 rule-based feature matching technology to Snort system. Then according to the design block diagram of terminal level IPv6 intrusion detection system, six modules, such as IPv6 packet capture module, IPv6 protocol parsing module, IPv6 preprocessing module, IPv6 rule parsing module and IPv6 feature detection matching module, are designed and implemented in detail. The research of this topic has certain reference value for IPv6 intrusion detection technology.
【学位授予单位】:河北联合大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.08
本文编号:2342206
[Abstract]:The global Internet based on Internet has a great impact on people's life. With the development of Internet, its openness, sharing and interconnection are expanding, and the importance of the network and its impact on the society are becoming more and more great. The problem of network security is becoming more and more important. Intrusion detection is the process of detecting and identifying computer system and network system, or, in a wider sense, information system illegal attack, or violation of security policy event. It collects data from network environment and analyzes data. The suspicious attack behavior or abnormal event is found, and some response measures are taken to intercept the attack behavior to reduce the possible loss. At present, the intrusion detection system (IDS,intrusion detection system) based on IPv4 has been widely used, but because the IPv6 network has not been deployed on a large scale, most of the intrusion detection systems based on IPv6 are in the research stage. On the basis of deeply analyzing the intrusion detection system in IPv4 network, this paper studies the network attack of IPv6 and the network threat that IPv6 still faces, and combines with the analysis of IPv6 protocol, and the intrusion detection technology such as rule-based feature matching, etc. The overall design scheme of IPv6 network intrusion detection system is put forward. This paper focuses on the research, design and implementation of the terminal level IPv6 network intrusion detection system. The system is based on the analysis of open source lightweight network intrusion detection system (Snort) and the principle of adding IPv6 protocol analysis technology and IPv6 rule-based feature matching technology to Snort system. Then according to the design block diagram of terminal level IPv6 intrusion detection system, six modules, such as IPv6 packet capture module, IPv6 protocol parsing module, IPv6 preprocessing module, IPv6 rule parsing module and IPv6 feature detection matching module, are designed and implemented in detail. The research of this topic has certain reference value for IPv6 intrusion detection technology.
【学位授予单位】:河北联合大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.08
【参考文献】
相关期刊论文 前5条
1 吴泽民,郑少仁;IPv6的新特性及其过渡策略[J];电信科学;2000年06期
2 李建敏;魏明军;刘玉芳;;即时通信软件检测技术的研究[J];福建电脑;2009年12期
3 杜建国,郭巧;协议分析和命令解析在入侵检测中的应用[J];计算机工程与应用;2004年18期
4 贺文华;陈志刚;胡玉平;;基于IPv6的网络安全与性能分析[J];微电子学与计算机;2007年10期
5 庄绪春;孟相如;韩仲祥;;高速网络环境中入侵检测技术探讨[J];信息与电子工程;2006年04期
相关博士学位论文 前1条
1 黎耀;IPv6环境下异常检测系统的关键技术研究[D];华中科技大学;2006年
本文编号:2342206
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2342206.html
