A Research On High-speed Network Traffic Anomaly Detection Technology

Posted on: 2009-06-18
Degree: Master
Type: Thesis
Country: China
Candidate: J Dai
Full Text: PDF
GTID: 2178360278456974
Subject: Computer technology
Abstract/Summary:
Operators' business networks and the systems of important clients are the main representatives of high-speed networks. As business systems expand every year, the network systems of some companies show more and more high-speed network features, and the support networks that telecom operators have built around the bearer network are also gradually joining the high-speed camp. Because of their unique features, high-speed networks cannot build their defense systems the way security is built for normal information systems; at the same time, high-speed networks without any protection lose the security basis for supplying qualified service to clients. Facing the threat of network traffic anomalies, high-speed networks need a new approach that not only keeps the network system healthy but also affords a highly accurate network traffic anomaly detection rate. This thesis researches a new method of anomaly detection in high-speed networks in order to improve the ability to detect network traffic anomalies, and finally implements network traffic detection with this method. First, it introduces background related to the analysis of network traffic anomalies and compares the available analysis technologies, concluding that analysis technology for high-speed network traffic anomalies has huge room for development; it also selects a proper collection method after comparing three collection methods. Second, it proposes a framework model suitable for a high-speed network traffic anomaly detection system. Through the functional design of the traffic acquisition module, the traffic statistics and pretreatment module, the online anomaly detection module, the abnormal hindsight module, the warning and response modules, and the comprehensive analysis and visualization module, it realizes online detection of high-speed network traffic. Third, it proposes the BEF traffic anomaly detection method, which obtains the distribution features of network traffic through a modified Bloom Filter and entropy. It decides whether traffic is anomalous from anomalies in the distribution features, reducing the false alarm rate for network anomalies and improving the detection rate with less overhead and less complicated calculation. Finally, it proposes traffic anomaly detection methods based on PCA, which can accurately and quickly mark the exact time when an anomaly occurs; they can therefore help network security emergency response departments find traffic anomalies in the macro network in time and save more time to resolve the network anomaly rapidly. They also have good recognition accuracy and detection efficiency.
Keywords/Search Tags: high-speed network traffic, anomaly detection, BFE, entropy, PCA