The Design And Implementation Of The Realtime Detecting Network Traffic Anomalies System

Posted on: 2012-12-18
Degree: Master
Type: Thesis
Country: China
Candidate: Z Tan
Full Text: PDF
GTID: 2218330338962374
Subject: Software engineering
Abstract/Summary:
In order to guard effectively against attack behaviors and network anomalies in high-speed networks, network managers have to identify anomalous network behaviors from massive network measurement data and then take corresponding countermeasures. To identify anomalies effectively, it is important to collect network traffic and to use a performance matrix to profile the data source. We construct a performance matrix model and study network-wide anomaly detection methods based on spatial-temporal correlation. In addition, network element misconfiguration, BGP routing modification, network faults, network security events and network upgrades are analyzed correlatively, so that the root cause of network anomalies can be located.

The main contributions of this thesis include the following six aspects. (1) A Linux-Intel PC is adopted to analyse and process the traffic information in high-speed networks. (2) This thesis extends the traffic matrix model and constructs a performance matrix model containing more abundant measurement data. (3) Network anomalies are classified, and a Realtime Detection method of network-wide traffic Anomalies (RDA) is proposed to defend against poison attacks. Experimental results show that the RDA algorithm still has very good detection performance in the face of poison attacks, obviously superior to RDA-based anomaly detector.
Keywords/Search Tags: network monitoring, detecting network traffic anomalies, performance matrix, NetFlow, RDA