IPv6下基于Snort的入侵檢測系統(tǒng)研究
發(fā)布時間:2018-11-19 11:39
【摘要】:以Internet為基礎的全球互聯(lián)網對人們的生活產生了巨大的影響,隨著互聯(lián)網的發(fā)展,,其開放性、共享性和互聯(lián)程度不斷擴大,網絡的重要性和對社會的影響也越來越大。網絡安全問題顯得越來越重要。入侵檢測是檢測和識別計算機系統(tǒng)和網絡系統(tǒng),或者更廣意義上的信息系統(tǒng)非法攻擊,或者違反安全策略事件的過程,它從網絡環(huán)境中采集數(shù)據(jù),分析數(shù)據(jù),發(fā)現(xiàn)可疑攻擊行為或者異常事件,并采取一定的響應措施攔截攻擊行為,降低可能的損失。目前,基于IPv4的入侵檢測系統(tǒng)(IDS,intrusion detection system)已有較為廣泛的應用,但由于IPv6網絡還未開始大范圍部署,因而基于IPv6的入侵檢測系統(tǒng)多處于研究階段。 該課題在深入分析IPv4網絡中的入侵檢測系統(tǒng)的基礎上,通過對IPv6網絡攻擊,以及IPv6仍需面臨的網絡威脅的研究,并結合IPv6協(xié)議分析、以及基于規(guī)則的特征匹配等入侵檢測技術,提出了IPv6網絡入侵檢測系統(tǒng)的總體設計方案。 該課題重點研究、設計并實現(xiàn)了總體方案中的終端級IPv6網絡入侵檢測系統(tǒng)。該系統(tǒng)是以分析開源的輕量級網絡入侵檢測系統(tǒng)——Snort為基礎,并在Snort系統(tǒng)中加入基于IPv6協(xié)議分析技術和基于IPv6規(guī)則的特征匹配技術的原理上設計實現(xiàn)的。隨后根據(jù)終端級IPv6入侵檢測系統(tǒng)的設計框圖,詳細研究、設計并實現(xiàn)了IPv6數(shù)據(jù)包的捕獲模塊、IPv6協(xié)議解析模塊、IPv6預處理模塊、IPv6規(guī)則解析與IPv6特征檢測匹配模塊等六大模塊。該課題的研究,對于IPv6的入侵檢測技術有一定的參考價值。
[Abstract]:The global Internet based on Internet has a great impact on people's life. With the development of Internet, its openness, sharing and interconnection are expanding, and the importance of the network and its impact on the society are becoming more and more great. The problem of network security is becoming more and more important. Intrusion detection is the process of detecting and identifying computer system and network system, or, in a wider sense, information system illegal attack, or violation of security policy event. It collects data from network environment and analyzes data. The suspicious attack behavior or abnormal event is found, and some response measures are taken to intercept the attack behavior to reduce the possible loss. At present, the intrusion detection system (IDS,intrusion detection system) based on IPv4 has been widely used, but because the IPv6 network has not been deployed on a large scale, most of the intrusion detection systems based on IPv6 are in the research stage. On the basis of deeply analyzing the intrusion detection system in IPv4 network, this paper studies the network attack of IPv6 and the network threat that IPv6 still faces, and combines with the analysis of IPv6 protocol, and the intrusion detection technology such as rule-based feature matching, etc. The overall design scheme of IPv6 network intrusion detection system is put forward. This paper focuses on the research, design and implementation of the terminal level IPv6 network intrusion detection system. The system is based on the analysis of open source lightweight network intrusion detection system (Snort) and the principle of adding IPv6 protocol analysis technology and IPv6 rule-based feature matching technology to Snort system. Then according to the design block diagram of terminal level IPv6 intrusion detection system, six modules, such as IPv6 packet capture module, IPv6 protocol parsing module, IPv6 preprocessing module, IPv6 rule parsing module and IPv6 feature detection matching module, are designed and implemented in detail. The research of this topic has certain reference value for IPv6 intrusion detection technology.
【學位授予單位】:河北聯(lián)合大學
【學位級別】:碩士
【學位授予年份】:2014
【分類號】:TP393.08
本文編號:2342206
[Abstract]:The global Internet based on Internet has a great impact on people's life. With the development of Internet, its openness, sharing and interconnection are expanding, and the importance of the network and its impact on the society are becoming more and more great. The problem of network security is becoming more and more important. Intrusion detection is the process of detecting and identifying computer system and network system, or, in a wider sense, information system illegal attack, or violation of security policy event. It collects data from network environment and analyzes data. The suspicious attack behavior or abnormal event is found, and some response measures are taken to intercept the attack behavior to reduce the possible loss. At present, the intrusion detection system (IDS,intrusion detection system) based on IPv4 has been widely used, but because the IPv6 network has not been deployed on a large scale, most of the intrusion detection systems based on IPv6 are in the research stage. On the basis of deeply analyzing the intrusion detection system in IPv4 network, this paper studies the network attack of IPv6 and the network threat that IPv6 still faces, and combines with the analysis of IPv6 protocol, and the intrusion detection technology such as rule-based feature matching, etc. The overall design scheme of IPv6 network intrusion detection system is put forward. This paper focuses on the research, design and implementation of the terminal level IPv6 network intrusion detection system. The system is based on the analysis of open source lightweight network intrusion detection system (Snort) and the principle of adding IPv6 protocol analysis technology and IPv6 rule-based feature matching technology to Snort system. Then according to the design block diagram of terminal level IPv6 intrusion detection system, six modules, such as IPv6 packet capture module, IPv6 protocol parsing module, IPv6 preprocessing module, IPv6 rule parsing module and IPv6 feature detection matching module, are designed and implemented in detail. The research of this topic has certain reference value for IPv6 intrusion detection technology.
【學位授予單位】:河北聯(lián)合大學
【學位級別】:碩士
【學位授予年份】:2014
【分類號】:TP393.08
【參考文獻】
相關期刊論文 前5條
1 吳澤民,鄭少仁;IPv6的新特性及其過渡策略[J];電信科學;2000年06期
2 李建敏;魏明軍;劉玉芳;;即時通信軟件檢測技術的研究[J];福建電腦;2009年12期
3 杜建國,郭巧;協(xié)議分析和命令解析在入侵檢測中的應用[J];計算機工程與應用;2004年18期
4 賀文華;陳志剛;胡玉平;;基于IPv6的網絡安全與性能分析[J];微電子學與計算機;2007年10期
5 莊緒春;孟相如;韓仲祥;;高速網絡環(huán)境中入侵檢測技術探討[J];信息與電子工程;2006年04期
相關博士學位論文 前1條
1 黎耀;IPv6環(huán)境下異常檢測系統(tǒng)的關鍵技術研究[D];華中科技大學;2006年
本文編號:2342206
本文鏈接:http://sikaile.net/guanlilunwen/ydhl/2342206.html
最近更新
教材專著
