Research On Netflow Data Processing And Abnormity Detecting

The development of the Internet laid an information foundation for the new economic period. The computer networks have changed the way of life and work. With the rapid development of computer network, the network scale becomes large; the increasing needs for the network resource and more and more malicious activities lie high upon the network and reduce network efficiency. Monitoring the network running state and performance index, finding the security problems have the importance value of network management and security.The NetFlow technique is a proven flow switching technique developed by CISCO. NetFlow data contain various information, which can meet the need of traffic analysis, network monitoring and anomaly detection.Through the above analysis, a NetFlow oriented data processing and anomaly detection system was proposed. The proposed system integrates network management and security detection. It not only can analyze several index of network so as to help to network management, but also can carry out a real time anomaly detection for the key nodes, assure the network security.In this thesis, we first illustrate the technique theory and practical application of NetFlow, and then discuss the network status information in the NetFlow data.This thesis introduces the design and implementation of the system, including the partition of function model, the main task of models and interface specification between the models. Then we introduce the system work flow in detail based on an example. At last, this thesis evaluate the proposed system through a experiment based on the example introduced above, and the experiment result given shows the system meets the need of design.Then this thesis discusses two important function models separately. For the information in the NetFlow data, a multi-angel statistics scheme is proposed and we design the NetFlow data processing procedure. For the data convergence and statistics, an algorithm that can reduce the memory usage is proposed, and then we make an improvement for the proposed algorithm. After that, we analyze the classification and detection of network anomaly traffic, and introduce the detection algorithm and implementation scheme of the proposed system.