Network User Behavior Analysis Based On Traffic Identification

Internet applications have been deeply involved in all aspects of human society, therefore, manageability of users and network become increasingly important. Netowork User Behavior Analysis is an important technique for users and network management. It can be used for analyzing behavior patterns and accessing habit of users in large-scale, which provide guidance for making network traffic management strategy, while enhancing the network traffic monitoring capabilities in security.At present, most user behavior-pattern analysis methods employ offline data mining techniques, which lack of online monitoring capability. Therefore, the online user behavior dynamic analysis methods and key techniques have been researched in this dissertation. And by applying traffic identification and packet classification technologies, various network applications using by users are patitioned from primitive network traffic, and then the relationship between users and traffic characteristic are studied from the perspective of user behavior. The main works done in this dissertation are as the following:①Existing network traffic identification methods and packet classification techniques have been studied in this dissertation, which provides a theoretical basis for further real-time measurement on network user behavior.②On the basis of studying the off-line analysis methods on network user behavior, a novel online nework user behavior analysis model has been proposed which provides real-time user behavior monitoring by online user behavior patterns analyzing and abnormal patterns detecting.③Frequent patterns minging models and techniques on data streams have been researched in this dissertation, and an algorithm is proposed based on time sliding window. This algorithm can be used to mine frequent itemsets in an arbitrary time period given by administrator.④A prototype system has been designed and implemented based on Netfilter framework on Linux platform. The real-time network user behavior measurement, visualized user behavior statistic analyzing, online association rules analyzing and abnomal patterns detection have been implemented in this prototype system. The experiment results validate the correctness and effectiveness of the idea proposed in this dissertation.