Network Monitoring System, Based On Content Analysis

Posted on: 2010-01-07 Degree: Master Type: Thesis
Country: China Candidate: Z Zhang Full Text: PDF
GTID: 2208360275465383 Subject: Computer application technology
Abstract/Summary:
With the rapid development of the Internet, network security issues have become increasingly prominent, and current security products lack fast and efficient means of analyzing network payloads. As a result, the harm caused by reactionary and pornographic ("yellow") information is enormous. In order to identify illegal information quickly and accurately, this paper builds a network monitoring system using an improved pattern-matching algorithm and rough set theory. Capture, pre-processing and analysis are the three core parts of the network content monitoring system, and this paper focuses on the key technologies involved in these three parts. The main work of the thesis is as follows:

Firstly, the paper aims to restore the data and obtain the payload content by analyzing well-known protocols. Because of the discrepancy between the speed of the traffic flow and the speed of analysis, the problem of packet loss has to be tackled. The system adopts six methods to decrease the frequency of loss, namely: a high-performance NIC, a large buffer, multi-threading, a lightweight load-balancing strategy, a fast pattern-matching algorithm, and an improved protocol recovery process. The lightweight load-balancing strategy, which combines traditional balancing theory with the characteristics of network packet capture, is a simple and effective method proposed in this paper.

Secondly, in order to make the data applicable to the existing classification algorithms, the system pre-processes it. Pre-processing contains two parts: one is to delete the structure flags; the other is feature selection. The former is the basis of the latter, because the recovered data often contains irrelevant tags which, if not removed, become an additional burden on feature extraction. To speed up the data pre-processing stage, this paper proposes an approach based on an improved Wu-Manber algorithm that takes stop words into account in the multi-pattern matching case. When the number of features is 50, the running time of this algorithm is 30% shorter than that of WM and 60% shorter than that of AC. Generally, traditional feature selection methods all have a threshold problem. The paper adopts rough set theory to solve this problem. After experiments carried out with Bayes, KNN and SVM, we find that feature selection based on rough sets has better efficiency than term frequency at feature dimensions of 1000-5000.

Finally, the system can judge whether the information is illegal by using classification methods.

A description of a network monitoring system should be comprehensive and fine-grained, although this paper focuses only on several common protocols, such as HTTP, TELNET, POP3, MSN, FTP and so on. However, in the course of this study, the problems encountered were given corresponding solutions, and many experiments were carried out to prove their viability, so the system is a useful attempt and has a certain significance. All solutions in this paper are verified experimentally. The experimental results show that, with the processing speed of the various parts of the system increased, the performance improvement is evident and the classification accuracy is not affected.
Keywords/Search Tags:network security, protocol analysis, pattern matching, rough set, classification