Research Of Anomaly Detection System Of Network Traffic Based On Data Mining

Posted on: 2008-02-08
Degree: Master
Type: Thesis
Country: China
Candidate: J Y Mao
Full Text: PDF
GTID: 2178360242959509
Subject: Computer technology
Abstract/Summary:
As computer networks and their application fields grow in scale, the network has become an important part of daily life and work. However, as network complexity and heterogeneity increase, Internet viruses and various human factors spreading through the network become more and more numerous; these can impair the function of the Internet and seriously disturb the normal operation of the network. Under such circumstances, accurate and rapid detection of abnormal network traffic, together with a rational response, is one of the key issues in ensuring that the network functions effectively. To solve this problem, this paper designs an anomaly detection system that analyzes network traffic correctly.

To guarantee a higher detection rate and a lower false alarm rate, we use data mining technology. From historical network data, we obtain a storehouse of normal and abnormal behavior. By comparing the real-time network data flow against it, we can discriminate abnormal network traffic data. If data cannot be recognized, manual intervention can be used to update the rule storehouse and enhance the ability to identify unknown data.

To avoid misjudgments caused by large differences in behavior between hosts, the paper uses historical network data as the audit data source. We count the number of visits between network hosts and, using a clustering algorithm, build clustered IP groups to guide how the network audit data stream is divided; rules are then established separately for the divided audit data. The paper gives a detailed description of the whole detection system, the functions of its various components, and their realization.

In the experiment, we installed the implemented prototype system at the outlet of the campus network and monitored campus network traffic in real time. We then launched several network attacks against a server in the campus network and found that the prototype system effectively identifies data of known attack types, has good recognition ability for unknown data, and achieves real-time anomaly detection of network traffic.
Keywords/Search Tags:Abnormal Detection, Data Mining, Design Tree, Cluster Analysis, Network Security