
Network Behavior Anomaly Detection Model

Posted on: 2012-08-12
Degree: Master
Type: Thesis
Country: China
Candidate: H Jia
GTID: 2208330335458582
Subject: Computer application technology
Abstract/Summary:
Computer networks are becoming ever more widespread, and anomalous network traffic caused by network attacks, worm viruses, malicious downloads and equipment faults has a growing effect on network performance. A large volume of aggressive anomalous traffic constantly interferes with normal network operation and poses a serious threat to network security. To keep the network running normally and give users a good network environment, detecting existing and potential anomalous traffic promptly and effectively has become an important subject of concern.

To safeguard network security and discover anomalous traffic promptly, this paper started from the principles of network traffic measurement, analyzed the development and application of network traffic measurement models, studied the working mechanism of traffic measurement, and, based on the self-similarity of network traffic, designed an anomalous traffic detection model adapted to the actual network. The main research contents and innovative achievements are as follows:

First, by studying network traffic classification technology, this paper designed a regional flow classification algorithm. It analyzed flow classification technology for network traffic measurement comprehensively and systematically, and classified high-speed network traffic by region. To balance high-speed traffic and simplify data processing, large traffic volumes were divided into several smaller ones. Because high-speed traffic is classified by region, when anomalous traffic is detected the administrator can find the region it belongs to and then take measures such as cutting off network access, isolation or rate limiting to reduce the negative influence of the anomalous flow.

Second, this paper studied the self-similarity of network traffic and Hurst parameter estimation algorithms, compared several Hurst parameter estimation methods, and improved the traditional VTP algorithm for calculating the Hurst parameter into a Real-Time VTP algorithm. When estimating the Hurst parameter, this algorithm updates part of the time series data and shortens the computation interval, achieving real-time parameter estimation. The value of the Hurst parameter is then compared with the normal value range to judge whether abnormal network traffic exists, which realizes anomalous flow detection.

Third, in view of network load and the great influence of long flows, this paper studied adaptive network flow sampling technology and designed an adaptive network traffic sampling method. By adjusting the sampling interval dynamically based on network performance parameters, and by sampling all long flows and some short flows, the method can improve the accuracy of anomalous traffic measurement.

Finally, this paper designed an anomalous traffic detection model and described the functions, principles and algorithms of each functional module. The model comprises a simple regional traffic classification module, an adaptive flow sampling module and an anomalous traffic judgment module. Lastly, in the NS2 simulation environment, the accuracy of the adaptive flow sampling and the real-time performance of the Real-Time VTP algorithm were verified.
Keywords/Search Tags: Anomalous Traffic, Self-similarity, Flow Classification, Flow Sampling, Hurst Parameter
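The estimate-and-compare step the abstract describes, sketched as an added example (not code from the thesis): it reads VTP as the variance-time plot method and recomputes the Hurst parameter over overlapping windows rather than reproducing the thesis's Real-Time VTP update. The window size, step, normal range (0.65 to 1.0) and the constructed sample series are all assumptions.

```python
import math
import random

def hurst_vtp(series, scales=(1, 2, 4, 8, 16, 32)):
    """Variance-time estimate of H: Var of the m-aggregated means ~ m^(2H-2)."""
    xs, ys = [], []
    for m in scales:
        n = len(series) // m
        if n < 2:
            continue
        means = [sum(series[i * m:(i + 1) * m]) / m for i in range(n)]
        mu = sum(means) / n
        var = sum((v - mu) ** 2 for v in means) / (n - 1)
        if var > 0:
            xs.append(math.log(m))
            ys.append(math.log(var))
    if len(xs) < 3:
        raise ValueError("not enough usable scales (window too short or constant)")
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    slope = (sum((x - mx) * (y - my) for x, y in zip(xs, ys))
             / sum((x - mx) ** 2 for x in xs))
    return 1 + slope / 2  # fitted slope equals 2H - 2

def detect(counts, window=2048, step=1024, normal=(0.65, 1.0)):
    """Return (start, H) for windows whose H leaves the assumed normal range."""
    alerts = []
    for start in range(0, len(counts) - window + 1, step):
        h = hurst_vtp(counts[start:start + window])
        if not normal[0] <= h <= normal[1]:
            alerts.append((start, round(h, 3)))
    return alerts

def sample_counts(seed=7):
    """Constructed packet counts per interval, not measured traffic.
    First 4096 values: persistent AR(1) series standing in for correlated
    baseline traffic (not a true self-similar generator).
    Last 4096 values: uncorrelated counts with no long-range structure."""
    rng = random.Random(seed)
    x, out = 0.0, []
    for _ in range(4096):
        x = 0.9 * x + rng.gauss(0, 1)
        out.append(1000 + 20 * x)
    out += [1000 + rng.gauss(0, 45) for _ in range(4096)]
    return out

if __name__ == "__main__":
    for start, h in detect(sample_counts()):
        print(f"window starting at {start}: H={h} outside normal range")
```

The window starting at 3072 straddles both regimes, so its estimate depends on how the two halves mix; in practice the normal range would be calibrated from baseline measurements of the monitored network.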