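Affiliations: [1] School of Computer Science and Technology, Beijing University of Posts and Telecommunications, Beijing 100876; [2] Department of Computer Science, Beijing Information Technology Institute, Beijing 100101
Source: Telecommunications Science (《电信科学》), 2005, No. 8, pp. 32-36 (5 pages)
Funding: National Special Project on Network and Information Security Technology (No.2004-研1-917-C-022)
Abstract: This paper discusses the key technologies for implementing an IPv6 intrusion detection system: rule construction and parsing, IPv6 packet structure parsing, fast IPv6 rule matching, IPv6 fragment reassembly, support for transition technologies, IPv4 compatibility, and so on. Based on SNORT V2.2, the latest version, it implements an intrusion detection system that supports IPv4, IPv6 and transition technologies. In testing, the system detects a range of common IPv6 intrusions and reaches 100 Mbit/s line rate at the minimum packet length. Intrusion detection technology, the second protection barrier beyond the firewall, is one of the most important network security technologies. After several years of development, IPv6 is maturing. It is necessary and urgent to research and develop an intrusion detection system (IDS) for the IPv6 environment. SNORT, written in C, is a well-known, open source, lightweight network intrusion detection system. SNORT supports various hardware and software platforms and has become a research paradigm for IDS because of its clear structure and the easy extensibility provided by its plug-in mechanism. This paper discusses the key technologies related to IPv6 IDS, including rule construction and parsing, IPv6 packet decoding and fast matching, IPv6 fragmentation and reassembly, transition technology support and IPv4 compatibility, etc. An IPv6 IDS based on SNORT 2.2, the latest version, is implemented, which supports IPv4, IPv6 and transition technologies. Testing shows that this IDS can detect various IPv6 intrusions and that, in terms of performance, it can reach line speed under hybrid IPv4 and IPv6 traffic of minimum-size packets.
Keywords: intrusion detection system; IPv6; SNORT; transition technologies; fast matching algorithm; structure parsing; IPv4; rule matching; latest version; passed testing
Classification: TN915.04 [Electronics and Telecommunications: Communication and Information Systems]; TP393.08 [Electronics and Telecommunications: Information and Communication Engineering]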