
Abnormal Behavior Analysis And Threat Assessment Of Campus Network

Posted on: 2007-11-15
Degree: Master
Type: Thesis
Country: China
Candidate: J J Liu
GTID: 2178360185486400
Subject: Computer software and theory
Abstract/Summary:
With the rapid development of the Internet, all kinds of network services and applications are growing fast, such as web services, file transfer, e-mail and many other applications for teaching and scientific research in the campus network. At the same time, the number of campus network users increases continually. The campus network plays an important role in our work, study and daily life. An instant and reliable network service with high quality and security is expected. Thus, it is becoming more important for the campus network to provide high performance in reliability, availability and security.

However, the campus network has to face an increasing number of malicious and worm attacks, which is a great challenge for availability. Besides, normal applications have to compete for bandwidth with abnormal traffic, such as P2P traffic, because there is more misuse in a campus network, which consumes network bandwidth greedily and causes network congestion.

Netflow is a technology from Cisco Systems that is used to accelerate data switching in network equipment. It has a powerful data collection and analysis capability and is becoming the dominant standard for IP/MPLS traffic flows, and it is widely applied in the network management field. There are many techniques based on Netflow to analyse traffic flows and provide accounting and billing information for network services. It has been applied to monitor the behavior of network users, traffic flows and the usage of network services.

In this paper, we study the features of Netflow data and the MIB status of network equipment, and analyze the characteristics of network attacks, worm spread, virus infection and network misuse behaviors. Our work is based on the fact that most of the anomalous traffic in a campus network influences the Netflow data and the status of network equipment.

An approach is presented to assess the threat of traffic in terms of five factors: the traffic bytes distribution, the flow number distribution, the packet number distribution, equipment CPU utilization and memory utilization. The weight of each factor is computed and determined by a fuzzy relation matrix. A prototype system is designed to test the method, and the results are analyzed to evaluate the availability of our method. The test shows that the method has positive results in determining anomalous traffic and in the threat assessment process. This method can distinguish the abnormal traffic that is harmful to bandwidth from the Netflow samples and gives a reference value of its threat level, without ever needing to analyze the content of the packets.
Keywords/Search Tags:Netflow, SNMP, threat assessment, abnormal behavior, fuzzy relation matrix