| Network bring convenience to people, at the same time, there has been an increasing number of security issues. In all attacks, DDOS attacks is a destructive, more difficult prevention form of attack. In recent years, it is emergence of a variety of attack detection technology. How to make better and faster detection of abnormal behavior on the network is an important issue the modern enterprise facing. Therefore, abnormal network behavior analysis and detection is important research field of network security. Network behavior research emerged in this context, the changes of network data based technology is seen as a mapping of aggressive behavior in the network, the network traffic reflect the operating status of the network, through abnormal flow analysis, it can detect network performance and security issues.This paper describes the entire process of flow and behavior analysis, conduct a series of studies on the traffic and the characteristics of DDOS attacks. Main work and results are as follows:use of the attack software simulation of five typical DDOS attacks, using the Winpcap library under VC6.0environment implements real-time data acquisition, graphical display of traffic data, which can be intuitive understanding the health of network, and then calculate the maximum, mean and variance of the traffic data to analyze the characteristics of each type of attack, then establish the library, the features of the field are serial number, category, eigenvalues, definition of the act, then calculate the characteristics values of the current flow, and compare with characteristic value in the behavior libraries, select the minimum of absolute difference, then output the category and behavior definition. |
PDF Full Text Request