Research on an IPv6-Based Intrusion Behavior Detection System
Published: 2018-12-07 19:53
[Abstract]: As IPv6 gains attention worldwide, countries have accelerated research on the security of IPv6 networks. Yet even as network technology advances, the security problems of IPv6 have not been fully solved. IPv6 was designed to avoid the security problems of IPv4 networks. So far, IPv6 has indeed made considerable progress in network security: it addresses data encryption, identity authentication, and the secure transmission of data over insecure networks. However, the change to IPv6 is a change in the network-layer protocol only and does not completely solve the security problem; it is accompanied by complex, novel, and diverse network intrusions and attacks. Research on network security technology therefore needs to be vigorously advanced in the new IPv6 environment. In studying an IPv6-based intrusion behavior monitoring system, this thesis reviews intrusion detection systems and summarizes the key knowledge and techniques involved, including packet capture tools, protocol analysis, pattern matching, building and updating the signature rule base, real-time alerting, and IP traceback. The thesis compares IPv4 and IPv6 in three respects (datagram format, address types and address allocation, and the ICMP protocol) and focuses on how intrusion behavior manifests in IPv4 and IPv6 networks. On this basis, it designs each module of an IPv6-based intrusion behavior detection system, proposes a method for fast capture of IPv6 packets, and extends the protocol stack used by the protocol analysis technique. The requirements analysis, system design, and construction and updating of the signature rule base for the IPv6-based intrusion behavior detection system were completed. In an IPv6 environment, the Snort development environment was configured, and the packet capture module, protocol analysis module, and signature rule base module were each verified experimentally.
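[Degree-granting institution]: North China Electric Power University
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08
Article ID: 2367755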
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2367755.html