
2014 Fifth International Conference on Intelligent Systems Design and Engineering Applications

Design of security detection module of underlying IPv6 network in differential computer system

ZHUANG Lian-Ying
North China Institute Of Aerospace Engineering, LangFang HeBei 065000, China
106311329@qq.com
978-1-4799-4261-9/14 $31.00 © 2014 IEEE
DOI 10.1109/ISDEA.2014.94

Abstract: In the underlying IPv6 network of a differential computer system, the networks of the individual computer systems differ, and security detection has blind zones. The differences of the underlying IPv6 network in the computer system are analyzed comprehensively. On this basis, an improved design method for the underlying IPv6 network security detection module is proposed for multi-computer systems, and a detailed module design plan is given. New techniques such as the receiving thread domain, the object forwarding domain and the file buffer are introduced into the network security detection system. They can solve the security detection difficulties caused by IPv6 network differences in the underlying computer system. Experimental results show that the system detects security problems in a differential computer system quickly and accurately. The data packet forwarding success rate increases from 77% to 90%, and the acquisition success rate of abnormal data packets at the terminal increases from 67% to 88%. The method shows good application value in security detection of differential computer systems.

Keywords: differential computer system; IPv6; network security detection; thread pool; object pool

I. INTRODUCTION

With the rapid development of computer and network technology, computers and networking have brought enormous changes to our lives. Many things, such as shopping and online banking transactions, can now be accomplished at home. As computer network technology became part of everyday life, the problem of network security emerged, and it is the most important issue for the development of computer network technology. If the security of the computer network cannot be guaranteed, then secret information, e-banking accounts and personal information cannot be protected either, and the computer network will no longer be used. As the network security situation grows more serious and urgent, many approaches are being researched, including underlying IPv6 network security detection, firewalls, computer network encryption technology and Intrusion Detection Systems (IDS). Computer network security technology is therefore very important for the development of computer technology and networks. In general, an intrusion detection system provides the following functions: (1) identify intrusion into the computer; (2) identify the intruder's vandalism; (3) intercept the breakthrough; (4) propose effective defensive methods[1].

As far as we know, different computer systems differ to a certain degree. With the development of computer technology, networking can be used to ensure the efficiency and accuracy of collaboration between different computer systems, and the overall production performance of the computer system can be improved as a result. With the increasing number of different computer systems, the computer network security problem has become prominent and is growing, owing to factors such as external environmental interference. Network security detection is becoming more and more important for ensuring the security of the network and the computer system[2]. Network security detection is a process of network behavior detection, security log detection and other network information processing. Attacking and aggressive behavior should be detected to ensure the security of the system. The network security detection system is therefore an active means of security protection: based on the detection system, the computer system can be protected from internal and external interference in real time, and an alarm is raised if a safety risk appears. Network security detection technology is usually combined with IPv6 technology, and it can effectively solve large-scale differential network security issues. The IPv6 protocol solves the address shortage of traditional IPv4, so current differential computer systems are built on IPv6 networks. With the rapid development of IPv6 application technology, the network information security situation is becoming more severe and complicated, and the corresponding network security issues are increasing. The message transmission efficiency and the message receiving accuracy of the computer system are reduced. A reasonable method is needed for constructing a fast and effective underlying network security detection module for differential computer systems, and this research subject is becoming a focus of analysis and research for scholars[3].

In this paper, an improved design method for the underlying IPv6 network security detection module is proposed for multi-computer systems, and a detailed module design plan is given. New techniques such as the receiving thread domain, the object forwarding domain and the file buffer are introduced into the network security detection system. They can solve the security detection difficulties caused by IPv6 network differences in the underlying computer system. Experimental results show that the system detects security problems in a differential computer system quickly and accurately. The data packet forwarding success rate increases from 77% to 90%, and the acquisition success rate of abnormal data packets at the terminal increases from 67% to 88%. The method shows good application value in security detection of differential computer systems.

II. DESIGN OF SECURITY DETECTION MODULE OF COMPUTER SYSTEM UNDERLYING IPV6 NETWORK

In this paper, the security detection module of the underlying IPv6 network of a differential computer system is analyzed, and the receiving thread domain, object forwarding domain and file buffer technologies are proposed. The security detection model of the computer system's underlying IPv6 network is established[4].

1.1 Design of the overall framework module

For the differential computer system, the underlying IPv6 network security detection module is established. The module includes the bottom fusion module, which is established to solve the data difference problem, the data packet acquisition module and the middle module[5]. The data packet acquisition module includes the file buffer area, the receiving thread domain and the forwarding connection object domain. The detailed structure diagram of the module is shown in Figure 1.

Figure 1. Detailed structure diagram of the module design

1.2 Module work flow

The work flow of the underlying IPv6 network security detection module is as follows. The network card is set to promiscuous mode, and the open.pcap function in the data acquisition module is used to open Libpcap and collect the corresponding data packets. Redundant information in the data packets is eliminated. The data acquisition module analyzes the collected data from the data link layer and judges its validity. If there is valid data, the corresponding thread is called from the thread domain and the data is processed. The corresponding connection objects are extracted from the forwarding object domain to transmit the data. If there is no available connection object, a new connection object is created, and the data is transmitted to the destination address. The log information is stored in the file buffer until the file buffer is saturated; then all the log information is written to the file. The underlying IPv6 network security detection process is shown in Figure 2.

Figure 2. Flow chart of underlying IPv6 network security detection process

III. MODULE DESIGN AND KEY TECHNOLOGY

A. Receiving threads domain module design

The receiving thread domain module is designed as part of the security detection system. The receiving thread domain module is named WinPcap, and it uses the BPF filtering system to eliminate valueless data packets, which improves the data packet acquisition efficiency. The virtual computer system driver module of WinPcap filters the data packets, and the filtered data packets are passed to the user module. WinPcap provides the relevant data acquisition interface for the Windows environment, and it is compatible with the network analysis tools of the Unix environment, which improves the security analysis capability of the whole system. The filter in the BPF kernel is used to realize effective data forwarding. When the data acquisition module completes data acquisition, it sends a data connection request, and a thread taken from the thread domain completes the data connection. The thread then returns to the idle state. With the thread domain method, there is no need to create a new thread for each connection. The consumption of system resources is reduced, and the efficiency of the system is improved.
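
The filtering and validity check on captured frames described above, as an added example in Python that is not the paper's code. It keeps only IPv6 frames and, going beyond the text, walks the extension header chain (including the Authentication Header and ESP) to find the protocol each packet should be analyzed as. `classify_frame`, `build_frame` and the 2001:db8:: sample addresses are constructed for illustration.

```python
import struct

ETH_P_IPV6 = 0x86DD
# Extension headers laid out as: next header (1 byte), length in 8-octet units minus 1.
GENERIC_EXT = {0: "hop-by-hop", 43: "routing", 60: "dest-options"}
FRAGMENT, ESP, AH, NO_NEXT = 44, 50, 51, 59
UPPER = {6: "tcp", 17: "udp", 58: "icmpv6"}
MAX_EXT_HEADERS = 16  # refuse absurdly long chains instead of walking them


def classify_frame(frame: bytes) -> dict:
    """Decide whether a captured Ethernet frame is kept and which analyzer it needs."""
    out = {"keep": False, "chain": [], "upper": None, "error": None}
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETH_P_IPV6:
        return out                          # not IPv6: filtered out as valueless
    pkt = frame[14:]
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        out["error"] = "malformed IPv6 header"
        return out
    out["keep"] = True
    nxt, off = pkt[6], 40                   # Next Header field, end of fixed header
    for _ in range(MAX_EXT_HEADERS):
        if nxt in UPPER or nxt == NO_NEXT:
            out["upper"] = UPPER.get(nxt, "none")
            return out
        if nxt == ESP:                      # everything after ESP is encrypted
            out["chain"].append("esp")
            return out
        if nxt not in GENERIC_EXT and nxt not in (FRAGMENT, AH):
            out["upper"] = f"proto-{nxt}"   # protocol number without a known analyzer
            return out
        if off + 8 > len(pkt):
            out["error"] = "truncated extension header"
            return out
        if nxt == AH:                       # AH length is in 4-octet units minus 2
            name, hlen = "ah", (pkt[off + 1] + 2) * 4
        elif nxt == FRAGMENT:
            name, hlen = "fragment", 8
        else:
            name, hlen = GENERIC_EXT[nxt], (pkt[off + 1] + 1) * 8
        if off + hlen > len(pkt):
            out["error"] = "truncated extension header"
            return out
        out["chain"].append(name)
        nxt, off = pkt[off], off + hlen
    out["error"] = "extension header chain too long"
    return out


def build_frame(first_next: int, payload: bytes, ethertype: int = ETH_P_IPV6) -> bytes:
    """Constructed sample frame: zeroed MAC addresses, 2001:db8::1 -> 2001:db8::2."""
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000000000000000000000002")
    ip6 = struct.pack("!IHBB", 0x60000000, len(payload), first_next, 64) + src + dst
    return bytes(12) + struct.pack("!H", ethertype) + ip6 + payload
```

Frames that are kept but carry an `error` (truncated or over-long header chains) are worth passing to the detection stage rather than dropping, since a malformed chain is itself an anomaly.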

B. Module design of forwarding connection object domain

In the traditional forwarding module, the operating principle of the object domain is to store all objects that have been used. When an object is needed again, it can be scheduled from the domain, and the energy consumption of system objects can be reduced. In this paper, the object domain is used to save the relevant objects. Constructing a connection object every time consumes resources, and the object domain reduces the amount of system resources used.

The operation steps of the forwarding connection object are as follows. First, the data packets handed over by the thread are collected, the destination of each data packet is analyzed, and the corresponding destination address is selected based on the configured routing. Second, the forwarding connection object is used to transmit the data. The forwarding connection object creates the connection to the target address, transfers the data packet, and then discards the connection. Establishing and abandoning the target address connection are I/O operations, and this process consumes a lot of resources. Therefore, we build the connection object domain: when data needs to be transmitted, a forwarding connection object is taken from the domain to transmit the data, and after the transmission completes the connection object is returned to the object domain. The improved method reduces the consumption of network resources and improves the data transfer efficiency of the system.
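
The borrow-and-return cycle of the forwarding connection object domain, as an added Python example that is not the paper's code. `FakeConnection`, `ConnectionPool`, `forward` and the 2001:db8:: destinations are hypothetical stand-ins, so no real network I/O takes place; a connection whose send fails is closed instead of being returned to the domain.

```python
import threading


class FakeConnection:
    """Constructed stand-in for a socket to one IPv6 destination."""
    def __init__(self, dest):
        self.dest, self.sent, self.closed = dest, 0, False

    def send(self, data):
        if self.dest.endswith("::dead"):        # constructed failure case
            raise OSError("destination unreachable")
        self.sent += 1

    def close(self):
        self.closed = True


class ConnectionPool:
    """Forwarding connection object domain: idle connections kept per destination."""
    def __init__(self, max_idle_per_dest=4):
        self.max_idle, self.idle = max_idle_per_dest, {}   # dest -> idle connections
        self.lock = threading.Lock()
        self.created = self.reused = 0

    def acquire(self, dest):
        with self.lock:
            if self.idle.get(dest):
                self.reused += 1
                return self.idle[dest].pop()
            self.created += 1
        return FakeConnection(dest)             # connect outside the lock

    def release(self, conn):
        with self.lock:
            idle = self.idle.setdefault(conn.dest, [])
            if len(idle) < self.max_idle:
                idle.append(conn)
                return
        conn.close()                            # domain is full: drop the surplus object


def forward(pool, dest, data):
    """Send one packet through a pooled connection; report whether it was sent."""
    conn = pool.acquire(dest)
    try:
        conn.send(data)
    except OSError:
        conn.close()                            # never return a broken connection
        return False
    pool.release(conn)
    return True


def run_demo(packets=300):
    """Forward packets round-robin to three constructed destinations."""
    dests = ["2001:db8::10", "2001:db8::20", "2001:db8::30"]
    pool = ConnectionPool()
    ok = sum(forward(pool, dests[i % 3], b"payload") for i in range(packets))
    return ok, pool.created, pool.reused
```

Forwarding 300 packets this way opens 3 connections and reuses them 297 times, where connect-per-packet forwarding would open and discard 300.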
C. Design of file buffer module

The file buffer is designed to improve the efficiency of data processing in the system. I/O operations consume a lot of resources, so data is first written to the buffer area; when the buffer area is saturated, all the data is written to the target computer system, which enhances the capacity of the I/O system. The file buffer saves content in the corresponding buffer area until it is saturated, and then all the content in the buffer is written to the file. The resource consumption caused by repeatedly reading and writing files is reduced, and the system performance is enhanced. In this system, after a data packet is forwarded in the thread, the log information is saved to the log file, and the file buffer reduces the resource consumption of this process.

D. Design of packet network security detection module

A network security detection system based on IPv6 can provide data transmission control, initial certification, protection against replay attacks and other security services. The IPv6 protocol usually uses two communication security protocols, the encrypted payload header and the authentication header. Key management and control protocols are provided for the relevant security services. Usually, these services can be completed independently at the IP layer. When attacks occur at the network layer and the application layer, network data packet transmission suffers delay and errors. The data packets are analyzed starting from the underlying network, and the network protocols are analyzed layer by layer, so that attack behaviors at the higher layers and the application layer are finally detected. The network security detection model under IPv6 is shown in Figure 3.

Figure 3. Network security detection model based on IPv6 in differential computer system

The process of IPv6 network security detection is as follows. In the bottom modules, data packets are collected from the network and filtered by a de-noising operation. The messages are sent to the protocol decoding module, which belongs to the middle module, where protocol analysis is performed. The detection module first performs protocol analysis on the decoded data and then performs security detection based on the data feature information in the feature database. The messages are passed to different analysis modules according to their protocol types, and security analysis is performed on them against the feature database. If there is an attack, an alarm is raised. In this way the security detection of the underlying IPv6 network in the differential computer system is obtained. As the system grows in size, the bottom module has gradually become the core module of system communication, and the information security of the bottom module has a strong influence on the overall system. This paper mainly designs the underlying IPv6 network security detection system in the differential computer system, together with the corresponding detection modules.

IV. CORE TECHNOLOGY AND REALIZATION

The bottom module of the IPv6 network mainly consists of the network data packet acquisition module, which is the core of the network security detection system in the differential computer system. According to the relevant standards, the data packets associated with security events are collected and transmitted to the middle module for security analysis, providing reliable data for the overall security detection system. In the design of the underlying IPv6 network security detection module, we should ensure the stability of the network data acquisition module so that it provides reliable data for the overall network security detection module. Because of the differences between computer systems, the core technologies and difficulties of underlying network security detection in differential computer systems are as follows:
(1) In the traditional module, when the data packet filter receives a large amount of data and the concurrent connections cannot be processed in time, network packets are discarded. The accuracy of the network data is reduced, which affects the validity of subsequent analysis.
(2) The differential connection application problem in the differential computer system.
(3) The problem of effectively preserving objects in the differential computer system.
(4) The problem of caching the differing data files.
Therefore, the receiving thread domain, the object forwarding domain and the file buffer are proposed to solve the difficulties above.
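
How the receiving thread domain and the file buffer work together, as an added Python example that is not the paper's code. `BufferedLog` and `run_pipeline` are hypothetical names, the packets are constructed, and an in-memory `StringIO` stands in for the log file.

```python
import io
import threading
from concurrent.futures import ThreadPoolExecutor


class BufferedLog:
    """File buffer: log lines accumulate in memory and reach the sink only on saturation."""
    def __init__(self, sink, capacity: int = 64):
        self._sink, self._capacity = sink, capacity
        self._pending = []
        self._lock = threading.Lock()       # workers from the thread domain share the buffer
        self.flushes = 0

    def write(self, line: str) -> None:
        with self._lock:
            self._pending.append(line)
            if len(self._pending) >= self._capacity:
                self._flush_locked()

    def _flush_locked(self) -> None:
        if self._pending:
            self._sink.write("".join(self._pending))   # one write for the whole batch
            self._pending.clear()
            self.flushes += 1

    def close(self) -> None:
        """Flush the unsaturated remainder; without this the tail of the log is lost."""
        with self._lock:
            self._flush_locked()


def run_pipeline(n_packets: int = 1000, workers: int = 4, capacity: int = 64) -> dict:
    """Process constructed packets on a fixed worker pool and log each one via the buffer."""
    sink = io.StringIO()                    # stands in for the log file
    log = BufferedLog(sink, capacity)
    threads_seen = set()

    def handle(seq: int) -> None:
        threads_seen.add(threading.get_ident())
        log.write(f"{seq} forwarded to 2001:db8::{seq % 3 + 1:x}\n")

    # The thread domain: `workers` threads are created once and reused for every packet.
    with ThreadPoolExecutor(max_workers=workers) as pool:
        list(pool.map(handle, range(n_packets)))
    before_close = len(sink.getvalue().splitlines())
    log.close()
    return {
        "lines": len(sink.getvalue().splitlines()),
        "before_close": before_close,
        "flushes": log.flushes,
        "threads": len(threads_seen),
    }
```

With 1000 packets and a capacity of 64 the sink receives 16 writes instead of 1000, and the last 40 lines reach it only because `close()` flushes the remainder, which matters for a security log that must survive shutdown.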
V. EXPERIMENT ANALYSIS

In the simulations, the real DARPA database of differential computer system is taken as the sample for the research and simulation, because the database of a large network can represent real network data and contains abundant intrusion signal feature types. The potential intrusion data is divided into 4 different types: Probe, DoS, U2R and R2L. The experiment uses the Java language to implement the model design; a data sending program acting as the gateway and a data receiving program acting as the terminal are simulated. The detection performance and operation efficiency are tested in the simulation. The experimental environment and parameters are given in Table 1.

Table 1. Experimental environment and parameters

| Sub computer system | CPU | Memory | OS | Hard disk space |
|---|---|---|---|---|
| Simulation gateway | 2.0GHz | 1G | WinXP | > 1GB |
| Data transmission program | 2.88GHz | 2GB | Win 2003 server | >2GB |
| Application terminal | 2.0GHz | 1G | Win XP | >1GB |

The simulated terminal can simulate multiple threads transmitting data simultaneously, and the destination address is generated at random. The data transmitting program transmits to three simulated application terminals. In this experiment, the experimental simulation gateway runs 200 threads, and each thread sends 150 packets every 2, the total time is 1min, and there are 8765000 packets. The system performance results are shown in Table 2.

Table 2. Comparison results of system performance

| Items | Traditional model | Proposed model |
|---|---|---|
| Number of packets forwarding (success rate / %) | 259 027 (27.85) | 860 000 (100) |
| Number of abnormal data packages at terminal (success rate / %) | 258 826 (27.83) | 895 860 (88.66) |
| CPU resource usage rate (/ %) | 68 | 89 |
| Attack detection accuracy rate of network data packet (/ %) | 76 | 94 |
| Forwarding performance / Packets /s | 765 | 10568 |
| Receiving time /s | 276 | 140 |

From the table above, the experimental results show that the data packet forwarding success rate increases from 77% to 90%, mainly because of the module design of the forwarding connection domain for the differential computer system, which ensures correct information forwarding. The success rate of abnormal data acquisition at the terminal increases from 67% to 88%; it is very difficult to establish an a priori intrusion signature database, so extraction cannot be complete, but the performance has improved greatly. The detection rate of network data packet attacks increases by 18%, mainly because the new buffer pool module is used and the accuracy is improved dynamically.

VI. CONCLUSIONS

In this paper, the underlying IPv6 network of the differential computer system is analyzed, and an improved design method for the underlying IPv6 network security detection module is proposed for multi-computer systems. A detailed module design plan is given. New techniques such as the receiving thread domain, the object forwarding domain and the file buffer are introduced into the network security detection system. They can solve the security detection difficulties caused by IPv6 network differences in the underlying computer system. Experimental results show that the system detects security problems in a differential computer system quickly and accurately. The data packet forwarding success rate increases from 77% to 90%, and the acquisition success rate of abnormal data packets at the terminal increases from 67% to 88%; the detection performance is good. The method shows good application value in security detection of differential computer systems.

REFERENCES

[1] ZHANG Ren-shang. Network Intrusion Detection System Based on Expert System and Neural Network[J]. Computer Simulation. 2012; 29(9): 162-165.
[2] Gong Juan, Duan Shuhua. Application of Neural Network Based on Particle Swarm Algorithm for Intrusion Detection[J]. Computer Measurement & Control. 2010; 18(8): 1924-1927.
[3] JIANG Yun, CHEN Na, MING Li-te, et al. Bagging-based probability Neural Network Ensemble Classification Algorithm[J]. Computer Science. 2013; 40(5): 242-246.
[4] Zhu Zhen. A Support Vector Machine Algorithm Based on Pretreatment of Neural Network Ensemble[J]. Bulletin of Science and Technology. 2013; 29(4): 26-30.
[5] LUO Liming, ZHOU Zhen. IPV6 Based Network Security Intrusion Detection Technology Research[J]. Bulletin of Science and Technology. 2012; 28(4): 113-115, 140.