Separation And Attack Detection Of Abnormal Network Traffic Based On Netflow

Posted on: 2016-02-28
Degree: Master
Type: Thesis
Country: China
Candidate: Y P Sui
GTID: 2308330473956001
Subject: Computer application technology
Abstract/Summary:
With the rapid development of information technology, computer and Internet technology have made considerable progress, with a far-reaching impact on people's production and life. Network technology in particular has penetrated almost every aspect of human life, and many kinds of applications have been built on it. The continuous growth of new applications has expanded the scale of networks and made network topologies more and more complicated. While network technology has brought convenience to people's lives, it also faces huge security challenges. The complicated network environment is filled with abnormal traffic, various forms of malicious programs, hacker attacks and viruses, which reduce network performance, consume limited network resources and disrupt the normal provision of network services. Keeping the network in a stable state is therefore an urgent task. Given the current network security situation, we want a model that can monitor and diagnose the status of the network quickly and efficiently and can identify anomalous traffic and network attacks accurately, so that the network environment is protected and people can use network applications safely.

This thesis proposes the design and implementation of a model based on NetFlow that separates the different types of network traffic and detects network attacks, combining network management with security detection. Specifically, it provides real-time anomaly detection for key nodes to assure network security. The specific contents are as follows. First, the characteristics of network traffic flows and the application status of NetFlow technology are introduced, and NetFlow as a traffic acquisition method is compared in detail with other common acquisition methods.

Second, network traffic is analyzed and classified according to application type. This gives administrators a reference for managing and optimizing the network, filters out most of the normal network traffic data, and improves the efficiency of anomaly diagnosis.

Third, the thesis proposes a two-layer hybrid diagnosis model for network traffic. The information entropy subspace method based on PCA serves as the first layer and the naive Bayesian network as the second layer for diagnosing abnormal traffic flows. After the network flows have passed through the two-layer hybrid diagnosis model, the abnormal traffic is separated from the mixed traffic. To analyze the cause of the abnormal traffic further, a BP neural network is applied to it. The BP neural network can extract different types of network attacks from the abnormal traffic, which gives the administrator a good reference for analyzing the network status and taking effective measures against network attacks.
Keywords/Search Tags: NetFlow, Anomalous Traffic, Information Entropy, Subspace Naive Bayesian, Neural Network
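To make the first layer concrete, here is an added sketch (not code from the thesis) of an entropy-plus-PCA-residual detector over windows of flow records. The four fields, the single principal axis, the 3x threshold and all traffic are assumptions constructed for illustration; the abstract does not specify them.

```python
import math, random
from collections import Counter

FIELDS = ("src", "dst", "sport", "dport")  # assumed flow-key fields

def entropy_vector(flows):
    """Normalized Shannon entropy (0..1) of each field over one time window."""
    n, vec = len(flows), []
    for f in FIELDS:
        counts = Counter(fl[f] for fl in flows)
        h = -sum(c / n * math.log2(c / n) for c in counts.values())
        vec.append(h / math.log2(n) if n > 1 else 0.0)
    return vec

def fit_normal_subspace(X, iters=200):
    """Mean and first principal axis of baseline entropy vectors (power iteration)."""
    d = len(X[0])
    mu = [sum(r[j] for r in X) / len(X) for j in range(d)]
    C = [[sum((r[a] - mu[a]) * (r[b] - mu[b]) for r in X) / len(X)
          for b in range(d)] for a in range(d)]
    v = [1.0] * d
    for _ in range(iters):
        w = [sum(C[a][b] * v[b] for b in range(d)) for a in range(d)]
        norm = math.sqrt(sum(x * x for x in w)) or 1.0
        v = [x / norm for x in w]
    return mu, v

def spe(x, mu, v):
    """Squared prediction error: energy of x outside the normal subspace."""
    c = [xi - m for xi, m in zip(x, mu)]
    p = sum(ci * vi for ci, vi in zip(c, v))
    return sum((ci - p * vi) ** 2 for ci, vi in zip(c, v))

def normal_flows(rng, n=200):  # constructed sample traffic
    return [{"src": f"10.0.0.{rng.randrange(20)}", "dst": f"192.0.2.{rng.randrange(5)}",
             "sport": rng.randrange(1024, 65536), "dport": rng.choice((53, 80, 443))}
            for _ in range(n)]

def scan_flows(rng, n=300):  # constructed: one host sweeping ports on one target
    return [{"src": "10.0.0.99", "dst": "192.0.2.1",
             "sport": rng.randrange(1024, 65536), "dport": p} for p in range(1, n + 1)]

def demo():
    rng = random.Random(7)
    baseline = [entropy_vector(normal_flows(rng)) for _ in range(30)]
    mu, v = fit_normal_subspace(baseline)
    threshold = 3 * max(spe(x, mu, v) for x in baseline)  # assumed cutoff
    windows = [normal_flows(rng) for _ in range(5)]
    windows[3] = windows[3] + scan_flows(rng)  # inject the sweep into window 3
    return [i for i, w in enumerate(windows) if spe(entropy_vector(w), mu, v) > threshold]
```

In the injected window the destination-port entropy rises while source and destination address entropy fall, which pushes the vector out of the subspace learned from baseline windows; `demo()` returns the indices of windows that would be handed to the second layer.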