A Scalable Intrusion Detection System for IPv6

摘要

The next generation protocol IPv6 brings the new challenges to the information security. This paper presents the design and implementation of a network-based intrusion detection system that support both IPv6 protocol and IPv4 protocol. This system's architecture is focused on performance, simplicity, and scalability. There are four primary subsystems that make it up: the packet capture, the packet decoder, the detection engine, and the logging and alerting subsystem. This paper further describes a new approach to packet capture whose goal is to improve the performance of the capture process at high speeds. The evaluation shows that the system has a good performance to detect IPv6 attacks and IPv4 attacks, and achieves 61% correct detection rate with20% false detection rate at the speed of 100 Mb-s~(-1).