
Research Of Anomaly Detection System Of Network Traffic Based On Data Mining

Posted on: 2008-05-02
Degree: Master
Type: Thesis
Country: China
Candidate: Z A Yang
GTID: 2178360245494105
Subject: Computer application technology

Abstract/Summary:
As computer networks and their fields of application grow, the network has become an important part of daily life and work. However, as network complexity and heterogeneity increase, Internet viruses and various human factors become more and more numerous, which can impair the function of the Internet and seriously disturb the normal operation of the network. Under such circumstances, accurate and rapid detection of abnormal network traffic, together with a rational response, is one of the key issues in keeping the network functioning effectively. To solve this problem, this paper designs an anomaly detection system that analyzes network traffic correctly.

To guarantee a higher detection rate and a lower false alarm rate, we use data mining technology. From historical network data we obtain a storehouse of normal and abnormal behavior. By comparing the real-time network data flow against it, we can identify abnormal network traffic data. If data cannot be recognized, manual intervention can be used to update the rule storehouse and improve the ability to identify unknown data. To avoid misjudgments caused by large differences in behavior between hosts, the paper uses historical network data as the audit data source. We count the number of visits between network hosts and, using a clustering algorithm, build clustered IP groups to guide the partitioning of the network audit data, after which rules are established separately for each part of the audit data. The paper describes in detail the whole detection system and the functions and implementation of its components.

In the experiment, we installed the implemented prototype system at the outlet of the campus network, where it monitored campus network traffic in real time. We then launched several network attacks against a server in the campus network and found that the prototype system effectively identifies data of known attack types, has good recognition ability for unknown data, and performs anomaly detection of network traffic in real time.
Keywords/Search Tags: Abnormal Detection, Data Mining, Decision Tree, Cluster Analysis, Network Security