
Network Traffic Monitoring Technology And Its Safety Management

Posted on: 2006-03-31
Degree: Master
Type: Thesis
Country: China
Candidate: R F Du
GTID: 2208360182468942
Subject: Computer application technology

Abstract/Summary:
With the boom of the Internet, network security incidents occur frequently and attack methods keep multiplying, so the privacy, integrity and availability of networks face a serious challenge. DDoS (Distributed Denial of Service), which has caused heavy losses for millions of network users, is one of the most destructive attack methods and a serious threat to servers.

As an important means of assuring the performance of modern networks, network traffic monitoring plays an indispensable role in configuration management, fault management, performance management, security management and cost-accounting management. This paper studies network traffic monitoring technologies and applies them to detecting and defending against DDoS attacks.

Simple Network Management Protocol (SNMP), which is widely deployed, is the foundation of network management. In this paper SNMP is discussed in detail and its evolution trend is analyzed. Collection of flow data is the foundation of a traffic monitoring system. The existing flow data collection techniques are classified, and the NetFlow-based method is discussed in depth. Based on a study of network traffic anomaly detection algorithms, an improved Generalized Likelihood Ratio (IGLR) algorithm is proposed.

When a DDoS attack happens, network traffic increases markedly, and the percentage of packets with new IP addresses in the traffic also increases markedly because a large number of spoofed, false IP addresses are used. A DDoS detection and protection system is therefore designed and implemented. In this system, NetFlow, implemented with open source code, is used as the means of traffic data collection; the IGLR algorithm is employed to detect abnormality in the network traffic; and the analysis of variance (ANOVA) algorithm is employed to detect abnormality in the percentage of packets with new addresses.

Our experiments show that the DDoS detection and protection system performs well. However, in high-performance networks some problems must be considered, such as the magnitude of the flow data, the rate, etc. Solving these problems is the focus of the next step.
Keywords/Search Tags: network management, network traffic, Simple Network Management Protocol (SNMP), abnormal monitoring, Distributed Denial of Service (DDoS)