Network Security Intelligent Perception Platform Based On Flow Analysis

In recent years,the rapid development of network information technology has led to the growth of network scale.Facing the environment of high-speed transmission of network traffic,the traditional network traffic collection technology has performance problems,and the changing network threat makes the network attack complex,which poses a great challenge to network security.Based on the analysis of network flow and combined with the current technology in the field of network security,this thesis has designed the network security intelligent perception platform,and carries out research from the aspects of improving the collection efficiency of network flow,analyzing network attack behavior,identifying network attack events and evaluating the security of network nodes,so as to prevent network attacks from bringing more harm to the Internet environment.The main works are as follow:(1)An efficient Multi Flow Capture network flow collection function is designed,and a high-concurrency large-traffic data acquisition architecture is developed by using the thread pool idea,which solves the problem of user-mode memory exhaustion and packet loss in the process of large-traffic packet capture.In the communication with the database,the high-concurrency connection pool is used for communication,and the parsed data is stored in the database in real time,and finally the real-time collection,analysis and storage of high-speed traffic data is realized.(2)An intelligent network traffic anomaly detection model based on inceptionLSTM is proposed.The model uses inception module to enhance the adaptability of neural network to different spatial feature scales in network flow and weaken irrelevant non key features.At the same time,the accuracy of network attack detection is effectively improved by using the advantages of LSTM in the time characteristics of network flow.(3)Aiming at the problem that it is difficult for the traditional network security platform to obtain the correlation between network attacks,an intelligent attack event mining model based on Bayesian network is proposed under the guidance of the attack graph representation model.Firstly,Bayesian attack behavior association graph is established based on prior knowledge;Secondly,network attack behaviors are aggregated based on attribute similarity,and an efficient Ex-Apriori algorithm is designed for network attack scenarios to explore the association rules between attack behaviors and establish attack behavior groups;Finally,the parameters of Bayesian attack behavior association graph are used to calculate the attack behavior groups to realize the discovery of attack events.(4)In order to accurately and comprehensively evaluate the security situation of nodes in the network and quantify the attack threat,a node security evaluation method based on attack events is proposed.This method mainly quantifies the effectiveness of network attack based on the threat degree of attack events.By synthesizing the characteristics of network attack behavior in different threat fields and according to the network attack events detected in real time,the network attack threat is quantified as the node security value.(5)Based on the above key technologies,a network security intelligent sensing platform based on flow analysis is designed and implemented,including high-speed network flow collection and storage,intelligent detection of network attack behavior,intelligent discovery of network attack events,node security evaluation and other functions.