
Research On Real-Time Security Events Detection Based On NetFlow

Posted on: 2008-12-23
Degree: Master
Type: Thesis
Country: China
Candidate: S Jin
Full Text: PDF
GTID: 2178360215458225
Subject: Computer application technology
Abstract/Summary:

Network security has become one of the most closely watched problems today. Malicious code, viruses, and attacks on the network have affected everyday life, and may even threaten national property and interests. As attack techniques develop, new anti-intrusion technologies are needed, and new network security products are continually being introduced to meet that need. NetFlow technology has drawn the attention of many academic organizations and corporations. Studies and practice have shown NetFlow to be effective for network management, traffic billing, and security analysis, and it can be used in high-speed, heavy-traffic network environments. NetFlow is an efficient way to analyze network security problems. This thesis puts forward research on real-time security event detection technologies. Based on widely used NetFlow data, abnormal network activity can be detected accurately.

As a traffic detection technology, NetFlow is first compared with two other technologies, and the reasons for choosing NetFlow are given. The NetFlow techniques that can detect attacks are then classified, and the characteristics of abnormal activities and the related detection strategies are listed.

Building on in-depth research into NetFlow-based network security, a real-time security event detection system was developed on the Linux platform with GCC. To meet the real-time requirement, multithreading is adopted: the main functions are divided into four threads, namely a collecting thread, a parsing thread, a statistical thread, and an analyzing thread. This raises the running efficiency of the system. Detected events are classified according to reliability. Finally, the module is implemented, and the results show that the system works well.
Keywords/Search Tags:network security situational awareness, NetFlow, collection of flow data, anomaly detection