
The Detecting System For Network-Wide Traffic Anomalies Based On Distributed Computation

Posted on: 2011-02-28
Degree: Master
Type: Thesis
Country: China
Candidate: W Chen
Full Text: PDF
GTID: 2178360308461968
Subject: Computer application technology

Abstract/Summary:
Because of their openness, resource sharing and increasing interconnectivity, networks are becoming more important in every aspect of people's social lives. With the rapid development of the Internet, we face threats from all kinds of security incidents. It is reported that various attacks on network resources have caused serious damage recently. Anomaly detection, as a security protection system, has become an important part of the network security field.

The volume of data on the Internet is huge, especially in large-scale networks. A system that can rapidly and accurately detect anomalies from massive log-data sources is promising in the market. To handle this mass of data, we propose a parallel processing method based on the idea of distributed computation. We introduce the open-source software platform Hadoop and implement specific data preprocessing applications that take advantage of Hadoop's strengths in distributed computation.

We then study the classification of traffic anomalies. By analyzing the characteristics of the main traffic attacks at present, we conclude that Network Information Entropy can be used to detect network traffic anomalies. The system implements an algorithm based on Network Information Entropy which, combined with Principal Components Analysis and the Subspace Method from statistics, detects network traffic anomalies.

Our anomaly detection system is made up of four modules: data collection and preprocessing, entropy computing, principal components analysis, and subspace method detection. The system achieves good detection results in practical application. Finally, we discuss some problems in the present research work and the research points to be addressed in the future. The paper gives a worthwhile reference for traffic anomaly detection design in real life; the designs are both theoretical and practical.
Keywords/Search Tags:Traffic Anomalies Detection, Hadoop, Network Information Entropy, Principal Components Analysis, Subspace Method
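
The entropy, PCA and subspace stages named in the abstract, as an added sketch that is not code from the thesis. The flow fields, the single principal axis taken as the normal subspace, the constructed flow bins and the 1.5x cut-off are all assumptions made for illustration.

```python
import math
from collections import Counter

FIELDS = ("src", "dst", "dport")  # assumed flow features; the abstract names none
def entropy(values):
    """Shannon entropy in bits of the empirical distribution of values."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def entropy_row(flows):
    """One entropy value per feature for the flows seen in one time bin."""
    return [entropy([f[k] for f in flows]) for k in FIELDS]

def fit_normal_subspace(rows, iters=100):
    """Mean and leading principal axis of training rows (power iteration)."""
    d, n = len(rows[0]), len(rows)
    mean = [sum(r[i] for r in rows) / n for i in range(d)]
    cen = [[r[i] - mean[i] for i in range(d)] for r in rows]
    cov = [[sum(r[i] * r[j] for r in cen) / n for j in range(d)] for i in range(d)]
    v = [1.0] * d
    for _ in range(iters):
        w = [sum(cov[i][j] * v[j] for j in range(d)) for i in range(d)]
        norm = math.sqrt(sum(x * x for x in w))
        v = [x / norm for x in w]
    return mean, v

def spe(row, mean, v):
    """Squared prediction error: energy of the row outside the normal subspace."""
    c = [a - m for a, m in zip(row, mean)]
    proj = sum(a * b for a, b in zip(c, v))
    return sum((a - proj * b) ** 2 for a, b in zip(c, v))

def make_bin(n_src, n_dst, n_port, total=64):
    """Constructed flows: total records spread evenly over the given counts."""
    return [{"src": i % n_src, "dst": i % n_dst, "dport": i % n_port}
            for i in range(total)]

# Constructed training window, assumed free of attacks.
TRAIN = [entropy_row(make_bin(*s)) for s in
         [(4, 4, 4), (8, 8, 8), (16, 16, 16), (32, 32, 32), (8, 16, 8), (16, 8, 16)]]
MEAN, AXIS = fit_normal_subspace(TRAIN)
THRESHOLD = 1.5 * max(spe(r, MEAN, AXIS) for r in TRAIN)  # assumed cut-off

def is_anomalous(flows):
    return spe(entropy_row(flows), MEAN, AXIS) > THRESHOLD

if __name__ == "__main__":
    print(is_anomalous(make_bin(16, 16, 16)))  # ordinary traffic mix
    print(is_anomalous(make_bin(64, 1, 1)))    # many sources, one target and port
```

The subspace is fitted on a window assumed clean because an anomaly present in the training rows can pull the principal axis toward itself and hide in the normal subspace.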