
Research On IPv4/IPv6 Network Traffic Anomaly And Intrusion Detection Technology

Posted on: 2015-06-21
Degree: Master
Type: Thesis
Country: China
Candidate: M Y Wang
GTID: 2298330422972158
Subject: Computer system architecture
Abstract/Summary:
With the rapid development of network technology and the growing variety of applications, network attacks and abnormal behaviors have become increasingly rampant, seriously interfering with the normal operation of the Internet and affecting normal use of the network. With the continued expansion of network scale and the depletion of IPv4 address resources, the move to the next-generation network protocol, IPv6, has become an inevitable trend. During the IPv4/IPv6 transition period, coping with the variety of current network security threats requires paying attention to the steadily growing IPv6 network traffic while IPv4 network traffic is monitored. A network traffic anomaly detection system can detect network traffic anomalies, and a network intrusion detection system can detect intrusions, so combining the two lets each benefit the other.

Based on the above analysis, this thesis studied the following aspects:

Firstly, a network traffic anomaly detection method based on the combination of information entropy and the auto-regression model was proposed. Drawing on the self-similarity of network traffic, the thesis uses an auto-regression model to detect network traffic anomalies with high accuracy and low time complexity, by introducing information entropy and then calculating typical measures of network traffic. Experiments on the well-known MIT 1999 DARPA data sets demonstrated that this anomaly detection algorithm improved accuracy and reduced the false alarm rate.

Secondly, an intrusion detection method based on improved regular expression matching was proposed. The improved regular expression grouping algorithm avoided the state space explosion caused by conflicts among a large number of regular expressions and reduced the storage space occupied by the set of regular expressions. Building on the work of open source software developers, an improved regular expression matching engine was implemented for the network packet payload pattern matching part. Although storage space increased to some extent, matching performance was greatly improved, which in turn improved the efficiency of intrusion detection systems.

Finally, to address the lack of a network traffic monitoring method on the CERNET2 Chongqing node, an IPv4/IPv6 network traffic monitoring prototype system for the Chongqing University campus was designed and implemented. Test results showed that the prototype system could find network traffic anomalies, detect network intrusions by matching the payload of network packets, and provide a good experimental platform for follow-up research on IPv6 networks.
Keywords/Search Tags:Traffic anomaly detection, Intrusion detection, Auto Regression Model, Information entropy, Regular expression
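
The first contribution in the abstract (information entropy of a traffic measure, forecast with an auto-regression model) can be illustrated as follows. This is an added example, not the thesis's algorithm or code: the choice of destination-address entropy per time window, the AR order, the Yule-Walker fit, the 4-sigma threshold, the function names and all sample data are assumptions made here.

```python
import math
from collections import Counter

def entropy(items):
    """Shannon entropy (bits) of the values observed in one time window."""
    n = len(items)
    return -sum(c / n * math.log2(c / n) for c in Counter(items).values())

def fit_ar(x, p):
    """Yule-Walker AR(p) fit via Levinson-Durbin; returns (mean, coefficients)."""
    n, mu = len(x), sum(x) / len(x)
    d = [v - mu for v in x]
    r = [sum(d[t] * d[t + k] for t in range(n - k)) / n for k in range(p + 1)]
    a, err = [], r[0]
    for k in range(1, p + 1):
        refl = (r[k] - sum(a[j] * r[k - 1 - j] for j in range(k - 1))) / err
        a = [a[j] - refl * a[k - 2 - j] for j in range(k - 1)] + [refl]
        err *= 1 - refl * refl
    return mu, a

def detect(series, p=2, train=40, k=4.0):
    """Flag windows whose entropy is more than k sigma from the AR forecast."""
    mu, a = fit_ar(series[:train], p)
    def forecast(h):
        return mu + sum(a[j] * (h[-1 - j] - mu) for j in range(p))
    hist = list(series[:train])  # assumption: the baseline windows are clean
    resid = [hist[t] - forecast(hist[:t]) for t in range(p, train)]
    sigma = math.sqrt(sum(e * e for e in resid) / len(resid))
    flagged = []
    for t in range(train, len(series)):
        pred = forecast(hist)
        if abs(series[t] - pred) > k * sigma:
            flagged.append(t)
            hist.append(pred)  # keep the outlier out of later forecasts
        else:
            hist.append(series[t])
    return flagged

def window(i, burst=0):
    """Constructed sample: destination addresses seen in window i."""
    hosts = [f"2001:db8::{h:x}" for h in range(1, 9)]
    return [h for h in hosts for _ in range(10)] + [hosts[0]] * (i * 7 % 5 + burst)

ANOMALY_AT = 52  # constructed: one destination dominates this window
SERIES = [entropy(window(i, 500 if i == ANOMALY_AT else 0)) for i in range(60)]

if __name__ == "__main__":
    print(detect(SERIES))
```

Replacing a flagged observation with its forecast keeps one abnormal window from distorting the predictions for the windows that follow it.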