
Network Based On Adaptive Technology And Abnormal Behavior Detection System

Posted on: 2010-09-27
Degree: Master
Type: Thesis
Country: China
Candidate: Q Fu
Full Text: PDF
GTID: 2178360278456729
Subject: Computer Science and Technology
Abstract/Summary:
With the continuous development of network applications, how to detect abnormal behavior in network data flows and give real-time early warning has become an important research topic in network security. This thesis discusses the general concepts of network data flows and NetFlow, and the overall framework of a data flow abnormal behavior detection system. It focuses on a real-time processing algorithm for network data flow anomaly detection based on adaptive technology, on the techniques for classifying, storing and displaying security incident results, and on the deployment process of the anomaly detection system. The main contents of the thesis are as follows.

1. Building on the classic principal component analysis (PCA) algorithm, an anomaly event detection algorithm for network data flows is presented, based on adaptive technology applied to multi-dimensional data features. The basic idea is as follows: all collected incoming network traffic is processed with PCA on the original data stream, forming the feature dimensions and statistical data of a specific abnormal event (such as DDoS) in the data flow; the measured results are compared with the predicted results to determine the contribution rate of each feature dimension to the abnormal event; feature dimensions whose contribution rate is below the threshold are excluded; and from this it is determined whether an abnormal event has occurred. The initial threshold is set from experience to 0.5 and can afterwards be adjusted automatically within a range of 0.1. Practical results show that the algorithm can effectively detect common network abnormal events at a small implementation cost.

2. For the three types of network anomaly of most current concern (DDoS, network scanning and network congestion), the classification of abnormal events, alarming, and the storage of related anomaly information are designed and implemented. The information related to an abnormal event includes IP, port, packet size, byte size, time, duration and other information. Statistics are provided by month, by day and by hour, together with real-time trend analysis of anomaly size, and a variety of graphical displays are provided so that those performing detection can query them at any time.

3. Using a Tomcat 5.5 container, the network behavior anomaly detection system is packaged and deployed as a web service, so that the corresponding abnormal behavior detection services can be easily accessed through a browser.
Keywords/Search Tags: Network Data Stream, Adaptive, Abnormal Behavior, Anomaly Detection