
Research On Traffic Anomaly Early Warning Technologies For Large-scale Networks

Posted on: 2011-03-01
Degree: Master
Type: Thesis
Country: China
Candidate: X B He
GTID: 2178330332460247
Subject: Computer application technology

Abstract/Summary:
With the rapid expansion of the Internet, network applications have developed and grown quickly, bringing great convenience to people. However, the significant increase in normal network traffic has been accompanied by a variety of abnormal traffic, which poses huge challenges to network monitoring. How to monitor and manage network traffic online, and how to identify known and unknown traffic anomalies accurately and in a timely manner, have therefore become urgent research problems in network monitoring, and are very important for maintaining network reliability and improving network availability.

Large-scale network traffic is characterized by high dimensionality, large volume and high speed, so existing traffic collection methods that capture every packet traversing between two measurement points are no longer sustainable. A more targeted traffic sampling methodology is therefore greatly needed for traffic monitoring of large-scale networks. On the other hand, many detection algorithms are not suited to macro-monitoring and anomaly detection for large-scale networks and, moreover, often add to the burden on network operators. Consequently, a simple and efficient anomaly detection method is urgently needed. The purpose of this thesis is to explore network traffic anomaly early warning technologies for large-scale networks, and thereby to improve the capabilities of network traffic anomaly analysis and anomaly detection.

This thesis first proposes an adaptive network traffic sampling method based on flow size distribution; that is, the sampling method automatically adjusts its sampling strategy according to the variation of small flows. Comparative analysis of the results shows that this adaptive sampling method based on flow size distribution is more suitable for capturing attack packets, which lays a good foundation for later analysis and processing.

Then, to address the weak operability and poor flexibility of current anomaly detection methods, this thesis proposes a traffic anomaly detection methodology based on entropy. Experiments prove that this method is simple and flexible and can efficiently automate detection. Finally, this thesis successfully implements an anomaly early warning system for large-scale networks, and extensive experimental verification has shown that this system is very effective and practical for traffic anomaly detection.
Keywords/Search Tags:traffic anomaly, anomaly detection, sampling, flow size, entropy