
Research And Design Of The Network Anomaly Detection Technique Of The Large Flow Network

Posted on: 2009-03-09
Degree: Master
Type: Thesis
Country: China
Candidate: F Li
GTID: 2178360245994416
Subject: Computer application technology

Abstract/Summary:
As networks grow in size, computer network technology develops, and the number of services provided increases, the rapid development of the Internet brings a great deal of convenience. However, it also brings threats from various kinds of security incidents. Detecting anomalies rapidly and accurately, and responding to them correctly, is one of the preconditions for efficient network operation, so the detection of anomalous traffic is becoming a topic of concern. This paper intends to research a associated. Network traffic anomaly analysis is a key part of network monitoring; whether network anomalies are detected accurately is very important for improving network availability and reliability.

First, this paper outlines network traffic anomalies, introduces anomaly detection and the development of related technologies, analyzes and evaluates the detection algorithms used, studies the theoretical foundation of real-time network anomaly detection methods, and at the same time puts forward this paper's approach to anomaly detection.

To choose the better of the existing data collection methods, the paper describes the current data collection methods in detail and analyzes the strengths and weaknesses of each. It focuses on the collection mode based on flow characteristics and uses this kind of method as the data collection mode of the model.

There are currently many network traffic anomaly detection technologies. The paper analyzes the main ones and focuses on network traffic anomaly detection based on exponential smoothing. Exponential smoothing is a simple statistical model that makes predictions from a time series; the paper presents simple exponential smoothing and Holt-Winters exponential smoothing, and describes the detection method in detail.
The whole detection process of the exponential smoothing anomaly detection method is divided into three steps: first, an algorithm that forecasts the next value of the time series; second, a measure of the deviation between the predicted value and the actual observed value; third, a mechanism for judging whether an observation is anomalous (that is, determining whether it is far from the predicted value).

Against this background, the paper designs the structure of a network traffic anomaly detection model for the large-flow network environment. The model consists of two modules: data collection, and data processing and analysis. For data collection, given the large-flow characteristic, collection is based on NetFlow technology. The data processing and analysis module draws on the ideas of exponential-smoothing-based network traffic anomaly detection: it processes the data through predictive analysis to determine whether anomalies are present, and so detects anomalous traffic.

At present, new methods of analyzing anomalous network traffic need to be explored in order to better cope with the management challenges brought by the expansion of network scale and the growing diversity of network equipment and applications, and to improve network traffic anomaly detection capabilities. This paper makes a preliminary exploration of areas such as network traffic anomaly detection architecture and management tools, but further research is still needed in both theory and practical application.
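
The three-step detection process described in the abstract, sketched as an added example (not code from the thesis): Holt-Winters forecasting over per-interval byte counts such as those aggregated from NetFlow records. The smoothing constants, the band rule (k smoothed absolute deviations with a relative floor), the function names and the sample data are assumptions; the abstract does not give the thesis's parameters or deviation measure.

```python
def detect_anomalies(series, period, alpha=0.3, beta=0.05, gamma=0.3,
                     k=3.0, floor=0.10):
    """Flag intervals whose traffic is far from the Holt-Winters forecast.

    series: traffic volume per interval (e.g. bytes summed from NetFlow records)
    period: intervals per seasonal cycle; k, floor: band width (assumed values)
    Returns a list of (index, observed, forecast) tuples.
    """
    if len(series) < 2 * period:
        raise ValueError("need at least two seasonal cycles")
    # Initialise level, trend and seasonal terms from the first two cycles.
    first, second = series[:period], series[period:2 * period]
    level = sum(first) / period
    trend = (sum(second) - sum(first)) / period ** 2
    season = [x - level for x in first]
    dev, anomalies = 0.0, []
    for t in range(period, len(series)):
        i = t % period
        # Step 1: forecast this interval from level, trend and seasonal term.
        forecast = level + trend + season[i]
        # Step 2: deviation between the observed and the predicted value.
        err = series[t] - forecast
        # Step 3: anomalous if outside k smoothed deviations, with a relative
        # floor so a very quiet baseline does not alert on tiny changes.
        band = max(k * dev, floor * abs(forecast))
        if t >= 2 * period and abs(err) > band:  # second cycle is warm-up only
            anomalies.append((t, series[t], round(forecast)))
            err = 0.0  # treat as missing: a burst must not drag the baseline
        else:
            dev = gamma * abs(err) + (1 - gamma) * dev
        # Holt-Winters updates written in error-correction form.
        level, trend = level + trend + alpha * err, trend + alpha * beta * err
        season[i] += gamma * (1 - alpha) * err
    return anomalies


def sample_series(inject=True):
    """Constructed data: 5 cycles of 6 intervals, bytes per interval."""
    pattern = [200_000, 150_000, 400_000, 800_000, 700_000, 350_000]
    data = [pattern[t % 6] + ((t * 7) % 5 - 2) * 100 for t in range(30)]
    if inject:
        data[20] *= 4      # constructed volume spike (flood-like burst)
        data[27] = 5_000   # constructed drop (outage-like)
    return data


if __name__ == "__main__":
    for idx, seen, expected in detect_anomalies(sample_series(), period=6):
        print(f"interval {idx}: observed {seen} bytes, forecast {expected}")
```

Because flagged intervals are excluded from the model update, a genuine lasting change in traffic level keeps alerting until the baseline is re-initialised.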
Keywords/Search Tags: Large Flow Network, Network Anomaly, Exponential smoothing, Anomaly Detection, NetFlow