| In recent years, with the rapid development of Internet and popularization of network applications, Internet has become an indispensable everyday tool. At the same time, abnormal network behavior affects the internet service more and more seriously.In this thesis we defined the local area network abnormal user behavior detection problem from two aspects, malicious software related behavior and network management rule violation realated behavior.Therefore, the topic of LAN user’s abnormality detection will be discussed from the following two aspects. First, the malware related abnormal network behavior detection system is discussed, in which session overflow, IP spoofing, SYN flood among many others are detected. After some detailed and in-depth observation, some statistical characteristics of malware network behavior are obtained and included in this paper. The second aspect is the detection of abnormal network behavior which is not related to malware but violated some network management rule, e.g. bandwidth limit. In this part of paper, DC-SFQ (Dual-Class SFQ) is introduced. We developed this novel algorithm based on the classical SFQ (Stochastic Fair Queue), in which P2P behavior is detected using Bloom-Filed algorithm and put into separate class of queues.In the next part of this thesis, my work involved in the LAN user behavior management system is introduced. I designed the presentation sub-system using Flash technology, and tackled down a series of problems, the solutions to these problems are listed in the thesis.Some conclusion and preview of ongoing research work are included in the last part. |
PDF Full Text Request