
Extraction And Classification Of Abnormal Network Traffic Based On NetFlow

Posted on: 2010-04-15
Degree: Master
Type: Thesis
Country: China
Candidate: P Bian
GTID: 2178360275450850
Subject: Computer application technology
Abstract/Summary:
With the development of the Internet, networks have become inextricably linked with people's daily lives. For a network administrator, how to monitor network anomalies quickly and effectively, and how to accurately grasp the traffic model of the whole network so that the relevant departments can use it for decision-making analysis, has become an important issue. This paper systematically analyzes the main existing anomaly detection methods and, because these methods can only detect anomalies at the macro level and cannot control or eliminate abnormal flows in practice, proposes a NetFlow-based method for extracting and classifying abnormal traffic. The method inspects the traffic of the entire campus network from a combined macro and micro point of view: when an anomaly is found at the macro level, the abnormal traffic is extracted and classified at the micro level, so that sudden changes in the network are controlled effectively in time and space.

First, the normal network model is characterized using a behavior prediction method, based on the NetFlow system, that models the historical data of each key host. Hosts are divided into normal hosts, abnormal hosts and suspicious hosts according to the ratio of normal to abnormal flows. Abnormal traffic is extracted from the total traffic, and the main traffic of the suspicious hosts is identified by flow analysis.

Second, to address the shortcomings of the various existing flow classification methods, a three-layer-by-layer flow classification based on NetFlow key items, behavior patterns and expansion items is proposed; the paper mainly describes how expansion items are classified with a BP neural network. The classification divides application flows into P2P flows, abnormal flows and normal flows, and its performance is then evaluated. Finally, the abnormal traffic extraction and classification system is tested in a real environment. The experimental data show that the system is real and reliable, can extract and control abnormal traffic effectively, and has an obvious effect.
Keywords/Search Tags: netflow, traffic extraction, exponential smoothing, flow classification, three-layer-by-layer classification, BP neural network