Research And Implementation Of Host Protection System Based On Traffic Behavior

With the rapid development of network technology, the Internet is playing an increasingly role in people's daily life. The emergence of a large number of network applications and services such as E-commerce, online banking services have brought great convenience to people's daily life,but also provided a broad platform for the profit-making of the lawless elements. In recent years, the rising network crimes brought large economic losses and caused great negative impact to the harmonious development of society as a whole. Network security has become a critical and urgent problem.The contributions of this thesis are summarized as follows. Based on analyzing the security threats current network is facing, we review the principles, categories and ongoing developments of network defense technology, and highlight the import role of network traffic analysis in securing network. Based on a comparative study of several typical network traffic classification algorithms, we design and implement a novel behavior-based classification approach, which characterizes the network state of a host by accurately classifying its outbound traffic, in order to recognize and prevent suspicious behaviors. Furthermore, we study the details involved in the construction of knowledge base and data organization based on traffic characteristics. Finally, on the basis of current intrusion detection theory, we design and implement a traffic characteristic based technology to detect malicious network behaviors. The experiments show that this technology can effectively recognize the malicious behaviors aim at illegally accessing files.Based on the network traffic analysis technologies discussed above, we design and implement the NSP-TB host security protection system to regulate host behaviors and protect sensitive data. All the details, ranging from the goals, overall structure, function design, module design to the implementation of this system, are presented in this thesis, and the system is well tested to analyze its performance under all conditions. Finally, we conclude this system by exploring the flaws that we would like to reserve as future work.