Research and Implementation of an IPv6 Intrusion Detection System Based on SNORT  (Cited by: 9)

Research and Development of IPv6 IDS Based on SNORT

Authors: Li Zhenqiang (李振强)[1], Xu Yiyuan (徐一元)[2], Ma Yan (马严)[1]

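Affiliations: [1] School of Computer Science and Technology, Beijing University of Posts and Telecommunications, Beijing 100876; [2] Department of Computer Science, Beijing Information Technology Institute (北京信息工程学院), Beijing 100101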

Source: Telecommunications Science (《电信科学》), 2005, Issue 8, pp. 32-36 (5 pages)

Funding: National Network and Information Security Technology Special Project (No. 2004-研1-917-C-022)

Abstract: Intrusion detection, the second line of defense behind the firewall, is one of the most important network security technologies. After several years of development, IPv6 is maturing, and researching and developing an intrusion detection system (IDS) for IPv6 environments is both necessary and urgent. SNORT, written in C, is a well-known, open-source, lightweight network intrusion detection system. It supports a variety of hardware and software platforms and has become a research paradigm for IDS thanks to its clear structure and the easy extensibility provided by its plug-in mechanism. This paper discusses the key technologies for implementing an IPv6 IDS, including rule construction and parsing, IPv6 packet structure decoding, fast IPv6 rule matching, IPv6 fragmentation and reassembly, support for transition technologies, and IPv4 compatibility. Based on SNORT V2.2, the latest version, an IDS that supports IPv4, IPv6 and transition technologies is implemented. Testing shows that this IDS can detect various common IPv6 intrusions and, in terms of performance, reaches 100 Mbit/s line rate under hybrid IPv4 and IPv6 traffic at minimum packet length.

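Keywords: intrusion detection system; IPv6; SNORT; transition technologies; fast matching algorithm; structure parsing; IPv4; rule matching; latest version; passing tests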

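Classification: TN915.04 [Electronics and Telecommunications: Communication and Information Systems]; TP393.08 [Electronics and Telecommunications: Information and Communication Engineering]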

 
