The Design And Realization Of A System Of Network Traffic Anomaly Detecting

Posted on: 2010-06-22
Degree: Master
Type: Thesis
Country: China
Candidate: J Zhang
GTID: 2178360275999958
Subject: Computer software and theory
Abstract/Summary:
The rapid penetration and development of computer networks are upsetting the traditional ways in which people exchange information. However, as networks grow in scale, security has become a key problem hindering the normal development of the new information-based society. Network security can be approached from two aspects: defense and intrusion/anomaly detection. As an active protection technology, intrusion/anomaly detection can identify a variety of malicious behaviors in time and respond actively when a threat appears. It is a reasonable supplement to traditional security technologies such as firewalls, and a hotspot in current research on computer network security.

Recently, techniques for detecting network traffic anomalies have gained more and more attention. The key to network traffic anomaly detection is to analyse and detect abnormal network behavior by means of a description of normal traffic behavior. Usually, network traffic anomaly detection contains two parts: one is forecasting the network traffic, the other is detection on the forecasting result. For traffic forecasting there are some effective methods, for example the forecasting method based on the season model and the forecasting method based on the support vector machine. These two methods can forecast abnormal situations in network traffic, but their false-alarm rate is high. To avoid this problem, we propose a combined forecasting method that combines the season-model method and the support-vector-machine method.

The main contents of this paper are as follows.

(1) We introduce the research background and significance, and give a detailed review of the state of research at home and abroad. There are three methods for measuring network traffic: SNMP measurement, packet sniffing and NetFlow measurement. NetFlow is a way to exchange data; the traffic collection that has been realized is based on the flow mechanism of network equipment that provides a NetFlow implementation.

(2) We introduce two existing forecasting methods: the forecasting method based on the season model and the forecasting method based on the support vector machine. We also introduce the combined forecasting method.

(3) We design and implement a system for network traffic anomaly detection. The system contains two parts. The first part is forecasting the network traffic. To reduce the false-alarm rate, we combine the season-model forecasting method and the support-vector-machine forecasting method by means of a BP neural network, which yields a new combined forecasting method. Moreover, based on these two forecasting methods, we design and implement the season-model subsystem and the Epsilon-SVR subsystem. The second part is detection on the forecasting result. To obtain more effective detection results, we use a method based on the confidence interval. Furthermore, we study methods of data collection and design a new traffic collection system based on NetFlow measurement technology. This network traffic anomaly detection system not only satisfies practical network needs but also has a wide field of application.

(4) To demonstrate how the system applies to a practical problem, we give an example and compare the existing methods with the new method.
Keywords/Search Tags: Traffic Measure, Traffic Forecasting, SVM, Combined Forecasting, Anomaly Detecting