Design And Implementation Of Macro-network Of Early Warning And Response System Based On User Behavior

Computer and communications technology develops rapidly and impacts widely, which promotes the informatization course of the whole socity. It dedicates to furthering the informatization of whole society. At the same time, with the development of computer and communication technology, information security becomes a growing problem and more and more people use network to get unlawful interests. All of these cause an enormous loss. Therefore, in order to ensure the security of network services, understanding the user's current behavior in time and forecasting the next behavior becomes an urgent problem.For the purpose of analyzing user behavior, with the network's own characteristics, the thesis proposes the user behavior features based on NetFlow information. These features describe user behavior quantitatively and find out the user behavior pattern through comprehensive computation. After obtaining the user behavior pattern, we can forecast user's next behavior based on the analysis of the current one.This thesis mainly contains the following contents: (1) post a cluster mining algorithm based on K-means cluster mining algorithm; (2) the anlysis of design and implementation of a weighted directed graph for describing a network action; (3) a macro network prewarning and emergency response system.To analyz user behavior, we mainly use the methods based on data mining, which combines cluster mining and association mining. To the numerous NetFlow statistics data; cluster mining can categorize it with the same similarity into a class to the most exten, which can form a reliable basis of user behavior analysis. Based on the analysis of K-means algorithm, we point out its shortcoming and make some improvements on it.To predict user behavior, we mainly use the weighted directed graph for describing a network action, which set up relation among user behaviors. Through selecting a subsequent attack action which has a most possibility to happen to predict user behavior.Next, the thesis anlynazes the design of macro network prewarning and emergency response system,which includes the overall structure design, database design and interface design,and mainly focus on the implementation of the user behavior analysis subsystem. The subsystem includes two modules, one of which is to generate user behavior sequence and another is to generate user behavior pattern. Sequence generating module is mainly responsible for analyzing user's current behavior and combine it with all previous behaviors to generate user behavior sequence. Pattern generating module is mainly responsible for generating user behavior pattern by mining frequent user behavior sequence from all user behavior sequences. Finally, we tested the system thoroughly. Through the running in a real network environment, we found that the prototype system can effectively obtain user's current behavior and predict user's next behavior based on user behavior pattern.