
Research On Technique Of Anomaly Detection For Network Situation Awareness System

Posted on: 2010-04-30
Degree: Master
Type: Thesis
Country: China
Candidate: Y Zhang
GTID: 2178360272480037
Subject: Computer application technology
Abstract/Summary:
With the growth of network technology and the increasing capability of distributed processing and network communication, intrusion and attack activities of many kinds have become more and more rampant, organized and large in scale. Credible safety precautions are urgently needed to protect network users' information security. Traditional network security products can no longer reflect network security status accurately, and so research on Network Security Situational Awareness (NSSA) has emerged.

The NSSA system aims to monitor network security status from multiple perspectives, detect potential or already-arisen anomalies in time, and reasonably forecast the network security status. To obtain a large amount of related information, constructing various kinds of security sensors becomes the foundation of NSSA. Because SNMP is widely used, simple to implement and highly general, it is used in this paper as an important method of acquiring network security situation data, serving as the data source for realizing security situational awareness in large-scale networks.

First, the paper gives an overview of network anomaly detection technology and Network Security Situational Awareness technology at home and abroad. Then, within this research topic, anomaly detection technology in the Network Security Situational Awareness System is introduced. Secondly, three anomaly detection methods for the Network Security Situational Awareness System, aimed at the characteristics of SNMP data, are proposed and implemented: a threshold detection method based on a BP neural network, a flow data anomaly detection method based on the AR model, and an anomaly detection method based on association rule mining. Further, the key module of an anomaly detection system based on SNMP data mining is designed and implemented. In the final section of the paper, SNMP performance data is collected in the experimental environment, and the validity of the three anomaly detection methods is verified through experiments. Finally, conclusions are drawn and further research on this issue is proposed.
Keywords/Search Tags:SNMP, Anomaly Detection, BP Neural Network, Association Rule