Address hopping proactive defense model in IPv6 based on sliding time window
KONG Yazhou, ZHANG Liancheng, WANG Zhenxing
Journal of Computer Applications    2018, 38 (7): 1936-1940.   DOI: 10.11772/j.issn.1001-9081.2018010073
To address the problem that IPv6 nodes are easily exposed to probing attacks by an attacker now that end-to-end communication is restored in IPv6 networks, a proactive defense model, Address Hopping based on Sliding Time Window in IPv6 (AHSTW), was proposed. Session parameters such as the address hopping interval were first negotiated using the shared key, and then the concept of sending and receiving time windows was introduced: the two communicating parties sent or received only the packets within the time window. Through a Time Window Adaptive Adjustment (TWAA) algorithm, the time window could be adjusted promptly according to changes in network delay, so as to adapt to changes in the network environment. The theoretical analysis shows that the proposed model can effectively resist data interception attacks and Denial of Service (DoS) attacks on the target IPv6 nodes. The experimental results show that, when transmitting data packets of the same size, the extra CPU overhead of the AHSTW model is 2-5 percentage points, with no significant increase in communication cost and no significant decline in communication efficiency. The addresses and ports of the two communicating parties are random, decentralized and out of order, among other properties, which greatly increases the cost and difficulty for attackers and protects the network security of IPv6.
IMTP: a privacy protection mechanism for MIPv6 identity and moving trajectory
WU Huiting, WANG Zhenxing, ZHANG Liancheng, KONG Yazhou
Journal of Computer Applications    2016, 36 (8): 2236-2240.   DOI: 10.11772/j.issn.1001-9081.2016.08.2236
Privacy protection for identity and trajectory has become a hot topic in the research and application of Mobile IPv6 (MIPv6). To address the problem that the mobile messages and application data of a mobile node are subject to malicious data analysis that exposes its identity and allows it to be located and tracked, an MIPv6 address privacy protection mechanism named IMTP was proposed, which supports identity hiding and prevents location tracking. First, by applying a self-defined mobile message option, Encryptedword, and an XOR transformation with the home address, IMTP achieved privacy protection of the MIPv6 node identity. Second, by means of mutual authentication among arbitrary nodes, the mechanism randomly appointed a location proxy and hid the care-of address of the mobile node, thereby achieving privacy protection of the MIPv6 node trajectory. The simulation results indicate that IMTP offers higher-quality privacy protection at low resource cost. Meanwhile, it requires only minor modifications to the standard MIPv6 protocol, supports route optimization well, and has advantages such as flexible deployment and strong scalability. The dual privacy protection for identity and trajectory provided by IMTP helps reduce the probability that the communication data of a specific mobile node is intercepted, thereby safeguarding communication security among mobile nodes.
Method of IPv6 neighbor cache protection based on improved reversed detection
KONG Yazhou, WANG Zhenxing, WANG Yu, ZHANG Liancheng
Journal of Computer Applications    2014, 34 (4): 950-954.   DOI: 10.11772/j.issn.1001-9081.2014.04.0950

The IPv6 Neighbor Cache (NC) is highly vulnerable to attack; therefore, an improved method named Reversed Detection Plus (RD+) was proposed. A timestamp and a sequence were first introduced to strictly limit the response time and to match responses, respectively; an RD+ queue was defined to store the timestamp and sequence, and a Random Early Detection Based on Timestamp (RED-T) algorithm was designed to prevent Denial of Service (DoS) attacks. The experimental results show that RD+ can effectively protect the IPv6 NC against spoofing and DoS attacks, and that, compared with Heuristic and Explicit (HE) and Secure Neighbor Discovery (SEND), RD+ has low resource consumption.
