Backbone Communications Network Traffic Anomaly Events Associated Analysis

Posted on: 2011-03-11
Degree: Master
Type: Thesis
Country: China
Candidate: Z Feng
GTID: 2208360308467173
Subject: Communication and Information System

Abstract/Summary:
As networks grow in scale, their architecture becomes more complex day by day, and network traffic anomalies affect network performance more seriously. To control and manage the network better and to reduce the impact of anomalous traffic, it is necessary to analyse and extract the features and behavior of anomalous traffic accurately and in a timely manner, and to detect and intercept traffic anomaly events proactively. Traditional user networks detect anomalous traffic through fine-grained analysis of user behavior, application behavior and network behavior. Because of the large volume of traffic in a backbone network, it is difficult to analyse the features and behavior of anomalous traffic in this way. To address this difficulty, research into relatively coarse-grained methods of analysing anomalous traffic features is essential.

The research in this dissertation covers the coarse-grained representation of traffic features in backbone networks, the detection of traffic anomaly events, and the correlation analysis of traffic anomaly events, and it proposes a mechanism for attack detection in backbone networks.

First, because fine-grained analysis is difficult in a backbone network, our method of extracting traffic features is based on relatively coarse parameters. We treat these parameters as time signals and call them traffic feature signals, so the analysis of anomalous traffic behavior becomes the analysis of multiple time series.

Second, anomalous traffic is small relative to the backbone traffic. To address this difficulty, this dissertation proposes a method of extracting traffic features called multi-flows and multi-parameters: traffic feature signals are extracted after flow classification. The advantage is that this reduces the amount of data and highlights anomalous behavior.

Third, this dissertation introduces outlier mining to detect anomaly events and proposes a time series outlier mining method based on local density. We use this method to find traffic anomaly events in the traffic feature signals.

Fourth, traffic anomaly events are not by themselves related to the causes of those events, so this dissertation uses correlation rule mining to find the correlation between traffic anomaly events and network attacks. Each rule represents a network attack that can affect several traffic feature signals.

Fifth, based on the above methods, we propose a mechanism for attack detection in backbone networks: the mechanism detects anomaly events in relatively coarse feature signals and then matches these anomaly events against anomaly event rules in order to detect attacks, producing red and orange alarms on the basis of the match result.
Keywords/Search Tags:backbone network, network traffic feature, traffic anomaly detection, correlation analysis, network attack detection
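
The pipeline the abstract describes (per-class feature signals, local-density outlier detection, rule matching, alarm level) can be sketched as follows. This is an added illustration, not the dissertation's algorithm: the simplified density score, the signal names, the rules, `k`, the threshold and the meaning of red (all signals of a rule anomalous) versus orange (only some) are assumptions.

```python
# Added illustration; signal names, rules, k and threshold are assumptions.

def density_scores(signal, k=3):
    """Simplified local-density outlier score (LOF-like) for each sample."""
    n = len(signal)
    knn, mean_dist = [], []
    for i in range(n):
        near = sorted((abs(signal[i] - signal[j]), j) for j in range(n) if j != i)[:k]
        knn.append([j for _, j in near])
        mean_dist.append(sum(d for d, _ in near) / k)
    # Score = a sample's own sparsity relative to the sparsity of its neighbours.
    return [mean_dist[i] / (sum(mean_dist[j] for j in knn[i]) / k + 1e-9)
            for i in range(n)]

def anomaly_events(signals, threshold=5.0):
    """Map time bin -> set of feature signals that are outliers in that bin."""
    events = {}
    for name, series in signals.items():
        for t, score in enumerate(density_scores(series)):
            if score > threshold:
                events.setdefault(t, set()).add(name)
    return events

def match_rules(events, rules):
    """Assumed levels: red if every signal of a rule is anomalous, else orange."""
    alarms = []
    for t in sorted(events):
        for attack, needed in rules.items():
            hit = needed & events[t]
            if hit:
                alarms.append((t, attack, "red" if hit == needed else "orange"))
    return alarms

# Constructed feature signals after flow classification, one value per time bin.
SIGNALS = {
    "tcp_syn_pkts": [100, 102, 98, 101, 99, 103, 97, 900, 100, 101],
    "tcp_flows":    [50, 52, 49, 51, 50, 53, 48, 400, 51, 50],
    "udp_bytes":    [200, 204, 198, 5000, 202, 199, 203, 201, 197, 200],
    "udp_pkts":     [20, 21, 19, 22, 20, 18, 21, 19, 20, 22],
}
# Hypothetical rules: attack name -> feature signals it is expected to disturb.
RULES = {
    "syn_flood": {"tcp_syn_pkts", "tcp_flows"},
    "udp_flood": {"udp_bytes", "udp_pkts"},
}
ALARMS = match_rules(anomaly_events(SIGNALS), RULES)
```
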