Technology Of Network Anomaly Detection And Attack Isolation

Posted on: 2009-12-14
Degree: Master
Type: Thesis
Country: China
Candidate: X L Sun
GTID: 2178360278466053
Subject: Electronics and Communications Engineering
Abstract/Summary:
As the Internet develops rapidly, more and more intrusions occur and cause much more harm. Among all intrusions, anomalies that tend to exhaust network bandwidth, such as DDoS (Distributed Denial of Service) attacks and worms, affect the Internet severely. It is meaningful to study anomaly detection and attack isolation technology for large-scale, heavy-traffic network environments, because attacks such as DDoS and worms are global, sudden and destructive, which makes traditional security protection unsuitable.

A similarity-statistics-based anomaly detection algorithm is presented first. It collects traffic statistics for the first N addresses or ports and compares the similarity of the data from two successive intervals to find the anomaly. Simulation experiments indicate that the similarity-statistics-based anomaly detection method is effective. An algorithm for anomaly signature extraction, applied after the anomaly is found, is then studied to support locating the attack source through signature monitoring.

Routing-diffusion-based attack isolation technology is studied to mitigate DDoS and worm attacks effectively. It can isolate attack sources rapidly by diffusing routing information through dynamic routing exchange after a traffic anomaly occurs.

Finally, an anomaly detection and attack isolation system for large-scale, heavy-traffic network environments is designed to verify the anomaly detection and attack isolation algorithms above. The whole system can find network anomalies in a timely manner and locate the attack source. It can then isolate the attack source using OSPF routing diffusion.
Keywords/Search Tags: Anomaly detection, DDoS, Worm, Attack isolation
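
One way the successive-interval comparison described in the abstract could look, as an added example that is not the thesis's own code. The abstract does not name the similarity measure or its parameters, so cosine similarity, N=3, the 0.8 threshold and the per-destination byte counts are all assumptions.

```python
from collections import Counter
from math import sqrt

# Constructed sample: bytes per destination address in four successive
# intervals (documentation address ranges). Interval 2 adds a flood target.
INTERVALS = [
    {"192.0.2.10": 500, "192.0.2.20": 300, "192.0.2.30": 200, "192.0.2.40": 50},
    {"192.0.2.10": 520, "192.0.2.20": 280, "192.0.2.30": 210, "192.0.2.40": 40},
    {"192.0.2.10": 510, "192.0.2.20": 290, "192.0.2.30": 190, "198.51.100.7": 9000},
    {"192.0.2.10": 500, "192.0.2.20": 300, "192.0.2.30": 180, "198.51.100.7": 9500},
]

def top_n(counts, n):
    """Keep only the N keys (addresses or ports) carrying the most traffic."""
    return dict(Counter(counts).most_common(n))

def cosine_similarity(a, b):
    """Cosine similarity of two sparse traffic vectors (assumed measure)."""
    norm_a = sqrt(sum(v * v for v in a.values()))
    norm_b = sqrt(sum(v * v for v in b.values()))
    if norm_a == 0 and norm_b == 0:
        return 1.0   # two idle intervals: the traffic mix did not change
    if norm_a == 0 or norm_b == 0:
        return 0.0   # traffic appeared or vanished entirely
    dot = sum(v * b.get(k, 0) for k, v in a.items())
    return dot / (norm_a * norm_b)

def detect(intervals, n=3, threshold=0.8):
    """Return (interval index, similarity) wherever the top-N traffic mix
    diverges from the previous interval (similarity below threshold)."""
    alerts = []
    prev = top_n(intervals[0], n)
    for i in range(1, len(intervals)):
        cur = top_n(intervals[i], n)
        sim = cosine_similarity(prev, cur)
        if sim < threshold:
            alerts.append((i, round(sim, 3)))
        prev = cur
    return alerts

if __name__ == "__main__":
    for index, sim in detect(INTERVALS):
        print(f"interval {index}: similarity {sim} -> anomaly")
```

Because only successive intervals are compared, the sustained flood in interval 3 resembles interval 2 and raises no new alert; it is the onset that gets flagged.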