With the expansion of Internet application systems, attacks that take the form of abnormal traffic behavior against Internet applications are becoming increasingly common. Since Distributed Denial of Service (DDoS) attacks are the main method of attack against Internet application systems, DDoS attack research has become an important research subject. This thesis summarizes the causes of the abnormal traffic produced by DDoS attacks on the Internet and the principle of DDoS attacks, illustrates the damage that DDoS attacks cause to network security, and points out that anomaly traffic detection technology plays an important part in network security management. The thesis also comprehensively analyzes the key technologies and some important algorithms related to abnormal traffic detection, such as principal component analysis and the Bloom Filter (BF) algorithm. Two Internet anomaly traffic detection algorithms are improved. The first introduces principal component analysis for detecting abnormal network traffic, which makes the method easy to implement and improves the detection rate of abnormal traffic. The second combines the Bloom filter with an accumulation algorithm to detect anomalous traffic on the Internet, which improves the detection and accuracy for Internet anomaly traffic. The key contents of this paper are as follows:

(1) DDoS research based on principal component analysis. To address the defects of wavelet analysis in anomaly traffic detection algorithms, namely that measuring the data is difficult and the error rate is high, we design a DDoS attack detection algorithm based on principal component analysis. The idea of the algorithm is to use principal component analysis to reduce the dimension of the required network measurement data, then to use wavelet analysis and information entropy to analyze and evaluate the network traffic data, with the final test carried out on the Matlab software platform. The corresponding experimental results were produced on the Matlab simulation platform. The simulation results show that the new algorithm gives an obvious rise in the abnormal traffic detection rate, providing a reliable guarantee for network safety.

(2) DDoS attack research based on BF technology. To address the low detection precision of the two-dimensional vector Bloom filter technique for SYN Flooding attacks, we improve a DDoS detection algorithm based on BF technology. The main idea of the algorithm is to combine an adaptive accumulation algorithm with BF technology, which is used to record and identify suspicious network traffic data with a three-dimensional vector. When an anomalous traffic attack occurs, adaptive counters record the abnormal traffic data and accumulate it, and detection and judgment are made through an adaptively set threshold and an alarm state, in order to improve the accuracy of detecting half-open connection attacks. To test the effectiveness of the proposed algorithm, the corresponding simulation diagrams were produced on the Matlab simulation platform. The simulation diagrams show that, compared with traditional methods, the improved algorithm gives a slight improvement in the accuracy of abnormal traffic detection.
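The idea in (2), as an added Python sketch that is not the thesis's Matlab code: a counting Bloom filter matches the final ACK of a handshake against recorded SYNs, and the per-interval count of unanswered SYNs feeds an accumulating detector with an adaptive baseline and threshold. The three-field key (source IP, destination IP, destination port), the CUSUM-style accumulation, all parameter values and the traffic trace are assumptions made for this illustration.

```python
import hashlib

class CountingBloom:  # m counters, k hashed positions per key
    def __init__(self, m=4096, k=3):
        self.m, self.k, self.counts = m, k, [0] * m
    def _slots(self, key):
        data = "|".join(map(str, key)).encode()
        digests = (hashlib.sha256(bytes([i]) + data).digest() for i in range(self.k))
        return {int.from_bytes(d[:8], "big") % self.m for d in digests}
    def update(self, key, delta):
        slots = self._slots(key)
        if delta < 0 and not all(self.counts[s] for s in slots):
            return False                      # key was never recorded
        for s in slots:
            self.counts[s] += delta
        return True

class HalfOpenDetector:  # per-interval half-open count fed to an adaptive CUSUM
    def __init__(self, alpha=0.2, slack=2.0, factor=3.0):
        self.alpha, self.slack, self.factor = alpha, slack, factor
        self.bf, self.pending, self.mean, self.cusum = CountingBloom(), 0, None, 0.0
    def packet(self, src, dst, dport, flag):
        key = (src, dst, dport)               # assumed three-dimensional vector
        if flag == "SYN":
            self.bf.update(key, +1)
            self.pending += 1
        elif flag == "ACK" and self.bf.update(key, -1):
            self.pending -= 1                 # handshake completed
    def end_interval(self):
        x, self.pending, self.bf = self.pending, 0, CountingBloom()
        if self.mean is None:                 # first interval seeds the baseline
            self.mean = float(x)
            return False
        self.cusum = max(0.0, self.cusum + x - self.mean - self.slack)
        alarm = self.cusum > self.factor * max(self.mean, 1.0)  # adaptive threshold
        if not alarm:                         # learn only from normal traffic
            self.mean = (1 - self.alpha) * self.mean + self.alpha * x
        return alarm

def run_constructed_trace():  # constructed: 4 normal intervals, then 2 flooded
    det, alarms = HalfOpenDetector(), []
    for interval in range(6):
        for i in range(20):
            for flag in ("SYN", "ACK") if i else ("SYN",):  # client 0 never answers
                det.packet(f"10.0.0.{i}", "192.0.2.10", 80, flag)
        for i in range(200 if interval >= 4 else 0):        # 200 SYNs, no final ACK
            det.packet(f"198.51.100.{i}", "192.0.2.10", 80, "SYN")
        alarms.append(det.end_interval())
    return alarms
```

The Bloom filter is rebuilt every interval, so a handshake that straddles an interval boundary is counted as half-open; the slack term absorbs that small, steady error.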