Title :
Implementation of multi-thread based intrusion prevention system for IPv6
Author :
Lim, Jae-Deok ; Kim, Young-Ho ; Jung, Bo-Heung ; Kim, Ki-Young ; Kim, Jeong-Nyeo ; Lee, Choel-Hoon
Author_Institution :
ETRI, Daejeon
Abstract :
The deployment of the IPv6 network becomes to be realized as the necessity of the IPv6 network is enlarged due to the limit of the IPv4 network. However, the security policy about the IPv6 network is not mature as the IPv4 network and it becomes an obstacle in the IPv6 network deployment. Up to date, in the main network equipment provider including CISCO, and etc, the IPv6-based firewall is released. However, it nearly does not have the IPv6-based intrusion detection system(IDS) and/or intrusion prevention system(IPS) equipment. Moreover, in the open source, the snort which is the de facto standard of the IDS system yet does not support IPv6. This paper introduces the implementation of intrusion prevention system (IPS) that can be applicable to the IPv6 network and has the multi-thread architecture for the performance improvement. The prototype introduced in this paper is implemented as SW base in order to be applied to the IPv6 network preferentially. Although it has a limit to a performance, the prototype can give the basic concepts toward the IPv6-based IPS equipment of the afterward HW base.
Keywords :
IP networks; multi-threading; performance evaluation; telecommunication security; IPv6 network; IPv6-based firewall; intrusion prevention system; multithread architecture; network performance improvement; security policy; Accidents; Computer security; Electronic mail; Information security; Internet; Intrusion detection; Protocols; Prototypes; Routing; Tunneling; IDS; IPS; IPv6 network; IPv6 security; network security;
Conference_Titel :
Control, Automation and Systems, 2007. ICCAS '07. International Conference on
Conference_Location :
Seoul
Print_ISBN :
978-89-950038-6-2
Electronic_ISBN :
978-89-950038-6-2
DOI :
10.1109/ICCAS.2007.4406938
