The Application And Implemention Of Data Mining In Abnormal Network Traffic Detection

With the rapid development of science and technology,the Internet has become a necessity of people's life.More and more information is transmitted and stored by Internet,which makes the problem of network security more and more important.In this environment,the network security research has gradually developed,and showing a thriving development trend.In the Internet + as an important strategic development of China's development environment,network security as an important part of the development will usher in a more rapid.Anomaly traffic detection is a very important part of network security research.It can identify the anomaly and attack in a large amount of network data.Data mining is a kind of subject that is a kind of subject which can be found useful information through mathematical model.It is an important step in database knowledge discovery(KDD).It is also a hot research field in recent years.In the era of big data,the traditional method of abnormal traffic detection is difficult to establish and difficult to manage.The research is based on data mining.Network security management system is for the enterprise,the unit within the network security and the design of security products,it can through the network of security equipment management to effectively monitor network status,to prevent external attacks.However,in the case of network security management system for the first time or not to add the security equipment,this system can not effectively identify the abnormal phenomenon in the network,which makes the system network security risks.Therefore,the network security management system is a kind of function that can effectively adapt to the large data traffic network characteristics,timely detection of abnormal phenomenon.In order to solve the above problems,this paper designs and implements an anomaly network traffic detection system for the network security management system.The main work includes:firstly,according to the characteristics of traffic flow in the network security management system,the neural network algorithm in data mining is selected as the method of abnormal traffic detection.Next to the system design,the system is divided into four modules:data acquisition module,data processing module,data mining and anomaly detection module and alarm module.Data acquisition module using tcpdump to achieve the network traffic data collection.The data processing module uses the shell script to extract the characteristic attribute of the traffic information,and the data collection module is used as the sample data of the data mining.The neural network model is used in data mining and anomaly detection module to accomplish the recognition of anomaly.In view of the traditional BP neural network algorithm,the convergence speed is slow and easy to fall into local extremum of the defect,this paper the idea of genetic algorithm and on the basis of introducing the algorithm of optimization of GA-BP algorithm,effective way to avoid the these problems,and improve the result of anomaly detection.Alarm module to achieve with the actual system-network security management and monitoring system(NSMS,referred to as the network security management system),the effective combination of abnormal information in the form of alarm display to the network security administrator.Finally,practical and the detection ability of the Department of the assessment.The results show that the system can use data mining method is effective to detect and identify the NSMS system the information of abnormal traffic,prove that the network security management system under the environment of the system is effective and feasible.