
Anomaly Detection System Analysis And Design

Posted on: 2011-05-20
Degree: Master
Type: Thesis
Country: China
Candidate: Y Fan
GTID: 2208360308965942
Subject: Computer application technology

Abstract/Summary:
As information networks become more and more popular, information security threats are increasing and drawing more attention. In today's complex application environment, attacks are becoming more targeted, and the network security situation is complicated and grim. At the same time, development demands a high-speed Internet, so carriers have been committed to continuously expanding and improving the existing network infrastructure, increasing bandwidth and egress capacity, but this widened network highway has been occupied by all sorts of abnormal traffic. Abnormal traffic usually refers to the various kinds of traffic on the network that carriers or end users do not expect, including DoS (Denial of Service) / DDoS (Distributed Denial of Service) attacks, worms / viruses, spam, P2P applications, illegal VoIP and so on. DDoS is now second only to the Internet worm as the second largest threat, causing economic losses of billions of dollars each year. A DDoS attack is launched jointly from a large number of computers distributed across the Internet, so its traffic is difficult to distinguish from legitimate traffic, and simple identification and isolation techniques cannot fully resolve it. Because of its high risk level, it has been identified as a form of network pollution.
How to defend against DDoS attacks, and the security mechanisms for doing so, have become a hot spot in network security research. Conventional means of resisting attacks or monitoring abnormal traffic have shortcomings of their own: their efficiency is not high, or they face technical issues that cannot be overcome or resolved. They clearly cannot effectively protect the network and end users from the damage of DDoS attacks or from abnormal traffic consuming network bandwidth. This thesis is devoted to a solution for monitoring and controlling abnormal network traffic. First, it describes the current grim situation of network information security and analyzes the concepts and hazards of abnormal traffic. It then contrasts the pros and cons of the primary means of resisting abnormal traffic. Based on the Service Inspection Gateway (SIG) and a requirements analysis of the specific circumstances, it designs and implements an abnormal traffic monitoring system scheme. The thesis mainly covers the following aspects:
1. Research and analysis of the development of network information security, focusing on the domestic and international status, development trends and market insight of abnormal traffic monitoring;
2. In-depth study of the definition and formation of abnormal traffic, comparison of the strengths and weaknesses of schemes for monitoring and withstanding abnormal traffic, and study of related attack and defense strategies, in order to master mature technologies such as flow monitoring methods;
3. Participation in the overall requirements analysis and in the analysis and design of the monitoring center, protocol analysis module, flow filtration module and intrusion detection module.
To compensate for the limited ability of current traditional security devices to withstand abnormal traffic, a new system with more fine-grained mechanisms for attack detection and analysis is needed.
The system designed in this thesis can effectively block abnormal traffic and ensure the normal transmission of legitimate traffic. This is extremely significant for protecting business continuity and the integrity of system operation.
Keywords/Search Tags: Network Security, DDoS, Abnormal Traffic, Service Inspection Gateway, Conceptual Design