Research On Anomaly Detection Method Based On Fusion Of NetFlow And SFlow Network Flow

Posted on: 2014-07-14
Degree: Master
Type: Thesis
Country: China
Candidate: X Chen
GTID: 2268330425966835
Subject: Computer technology

Abstract/Summary:
As network technology has advanced, the growing complexity of network composition and network applications has increased the scale and difficulty of information processing in networks. Traditional anomaly detection methods are no longer suited to the various types of abnormal phenomena found in large-scale networks. Because network flow data contains rich network information, anomaly detection based on network flow has become a mainstream technology for network security situation awareness. Based on the application features of NetFlow and sFlow in network anomaly detection, this dissertation adds a protocol field fusion method to improve the source data used for detection, and then proposes an anomaly detection method based on the fusion of NetFlow and sFlow network flow.

Firstly, this dissertation analyzes the current state of network security and, combining the development of network flow with an analysis of the present state of anomaly detection based on network flow, proposes the basic ideas of an anomaly detection method based on the fusion of NetFlow and sFlow network flow. Secondly, it studies the data formats and functions of the NetFlow and sFlow protocols. Combining the characteristics of the two protocols, it proposes a fusion method based on NetFlow and sFlow protocol fields, which is shown through experiments to have advantages over fusion methods based on a single protocol. Thirdly, based on an analysis of the characteristics of network abnormal phenomena and on research into anomaly detection methods based on network flow, and taking into account the characteristics of the fused network flow data, this dissertation proposes an anomaly detection method based on the fusion of NetFlow and sFlow network flow. Drawing on the characteristics of network flow anomaly detection methods, the proposed method sets up monitoring of the normal network and performs classification to detect abnormal phenomena, in order to monitor the current network automatically and effectively.

Finally, this dissertation analyzes the functions of a system based on NetFlow and sFlow, studies the system's structure, and designs and implements each module. The system is then deployed on the experimental network to verify the function and advantages of each module. To meet further network security demands, future research directions are proposed, and the expected goal of the master's thesis is achieved.
Keywords/Search Tags: Network flow, Protocol field fusion, Anomaly detection, Network security