
The Abnormal Behavior Of The Heterogeneous Network Environment Feature Extraction, Monitoring And Analysis

Posted on: 2011-08-16
Degree: Master
Type: Thesis
Country: China
Candidate: W M Guo
Full Text: PDF
GTID: 2208360308467244
Subject: Computer application technology

Abstract/Summary:
Along with the rapid development of network technology and the universal application of network environments, there are more and more attacks on our networks. As attack technology improves, the tools and tactics become more complex and diverse. It is therefore urgent to understand how to protect computer electronic information systems.

Anomaly monitoring is an important branch of intrusion detection. It is a security technology that detects intrusions by monitoring the target system at runtime. It is installed on the system to monitor network behavior in order to avoid system damage. Although anomaly monitoring systems have many advantages, they are hindered by slow speed, low accuracy and misreporting.

Network anomaly monitoring includes the analysis of network data, the extraction of data features and the detection of network anomalies. It raises the appropriate alarm to ensure the security of the network. The paper introduces the capture of network data, data persistence, data sampling and abnormal behavior feature extraction for heterogeneous environments. The paper improves portability, accuracy and performance.

Several technologies for network anomaly monitoring were researched in the paper. It gives a detailed description of a network anomaly monitoring system on the Windows and Linux platforms. A prototype system was implemented.

There are several key techniques in network anomaly monitoring. The paper discusses how to capture and analyze network data on heterogeneous platforms and compares technical schemes for anomaly monitoring. A feature base was established, and it is updated automatically. A learning model was introduced to reduce false negatives in the anomaly monitoring system. Finally, the paper describes the overall design and the detailed design of the anomaly monitoring system for the Windows and Linux platforms.
Keywords/Search Tags:anomaly monitoring, network security, protocol driver, data packet