| With the rapid development of Internet technology, it’s an inevitable trend that IPv6replaces IPv4as the main protocol in the next generation internet. In the meanwhile, related technology about network is catching more attention and network behavior analysis comes about against such background. According to the analysis of network behavior, both users’ actions and habits on the internet and how the internet resources are used can be understood promptly, these informations provide support for the control and management of network. At present, existing network behavior analysis systems are based on IPv4only. During the long period of transition from IPv4to IPv6, it’s valuable in academic significance and application to implement a network behavior system which supports both IPv4and IPv6.The system captures frames of the network interface layer based on WinPcap, adopts protocol analysis technology to analyze network behavior. Protocol analysis covers two stages: protocol based analysis and content based analysis. In the former stage, the key fields of headers in different layers of TCP/IP stack are pointed out and the protocol used in application layer is identified by the port, if it is not successful, the latter stage is needed. In the latter stage, the protocol used in application layer is analyzed by matching the feature value of application protocol with regular expression. The HTTP message is specially analyzed to get the URL. Oracle is used to store the analysis results and provide data support for analysis. With the data mining technology, the system will find the regular pattern of network operation, analyze the feature of user behaviors, and help plan network resources reasonably.Firstly, the thesis analyzes deeply about the differences of IPv6and IPv4, and some categories and methods of network behavior analysis are researched. Secondly, the overall design and solution of this system are introduced, and the related technologies are described and analyzed. Then, in the introduction to the overall design and function, according to the partition of modules, the design of each module and mutual relationships between modules are introduced, and each module’s implementation, principle and flow are specified in detail, particularly the protocol analysis module. At last, the system is tested in the experimental environment, and satisfactory results are obtained. The analysis of test data and test results show that the success ratio of the system is above80%. |
PDF Full Text Request