Research on a CIDF-Based Intrusion Detection System under IPv4-IPv6 Transition Technology

An intrusion detection system for IPv4-IPv6 transition technology based on CIDF frame
Abstract: As IPv6, the next-generation Internet protocol, is deployed more widely, transition technologies between IPv4 and IPv6 will be used heavily, which inevitably poses new challenges for network security. Traditional intrusion detection systems mainly inspect IPv4 traffic. To address the security risks of the tunnel technologies used during the transition period, this paper proposes a practical design for an intrusion detection system based on the CIDF framework. The system first captures network packets at high speed and identifies the tunnel packets among them, then uses protocol analysis to parse each protocol layer in turn, examining the header and data portion of each protocol. The packets are then checked with an improved signature pattern-matching method: intrusion patterns that matched most often within a given time interval are loaded into a priority match table and tried first, which greatly improves matching efficiency. Experiments on a small LAN show that the system can detect security threats in tunnel packets and that its detection efficiency is considerably higher than before the matching strategy was improved.
Source: Journal of Guangxi University (Natural Science Edition), 2011, Issue A01, pp. 190-194 (5 pages). Indexed in: CAS, CSCD, Peking University Core Journals.
Keywords: IPv6; transition technology; network security; intrusion detection
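
The pipeline the abstract describes (pick out tunnel packets, parse the inner layers, then try frequently hit patterns first), as an added sketch that is not the paper's code. It assumes 6in4 encapsulation (IPv4 protocol 41) as the tunnel type and substring search as the signature test; all names and the sample signatures are hypothetical and constructed for illustration.

```python
import struct
from collections import Counter

PROTO_IPV6_IN_IPV4 = 41  # IANA protocol number for IPv6 encapsulated in IPv4

def inner_ipv6_payload(pkt):
    """Return the payload of an IPv6-in-IPv4 tunnel packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4              # outer IPv4 header length in bytes
    if ihl < 20 or pkt[9] != PROTO_IPV6_IN_IPV4:
        return None                        # not a 6in4 tunnel packet
    inner = pkt[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return None                        # truncated, or no IPv6 header inside
    payload_len = struct.unpack("!H", inner[4:6])[0]
    return inner[40:40 + payload_len]      # extension headers are not walked here

class PriorityMatcher:
    """Signature matcher that tries last interval's frequent patterns first."""
    def __init__(self, signatures, threshold):
        self.signatures = dict(signatures)  # name -> byte pattern
        self.threshold = threshold          # hits per interval needed for promotion
        self.priority = []                  # the priority match table
        self.hits = Counter()

    def match(self, payload):
        """Return (signature name or None, number of patterns compared)."""
        rest = [n for n in self.signatures if n not in self.priority]
        for tried, name in enumerate(self.priority + rest, start=1):
            if self.signatures[name] in payload:
                self.hits[name] += 1
                return name, tried
        return None, len(self.signatures)

    def end_interval(self):
        """Rebuild the priority table from this interval's hit counts."""
        self.priority = [n for n, c in self.hits.most_common()
                         if c >= self.threshold]
        self.hits.clear()

def build_6in4(payload):
    """Constructed sample: minimal IPv4 header + IPv6 header + payload."""
    ipv6 = struct.pack("!IHBB", 6 << 28, len(payload), 59, 64) + bytes(32) + payload
    ipv4 = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(ipv6), 0, 0, 64,
                       PROTO_IPV6_IN_IPV4, 0) + bytes(8)
    return ipv4 + ipv6
```

Calling `end_interval()` on a timer gives the "given time interval" behaviour; the comparison count returned by `match()` shows the saving once a pattern has been promoted.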