Design And Implementation Network Attack Detection System On The Backbone

Now, with the rapid development of Internet, people’s daily lives are more and more inseparable from the network. Along with the rapid development of Internet and the popularity of various network applications, the number of Internet users in China has greatly increased. According to CNNIC, the total number of Chinese Internet users is up to599million at the end of August2013, Internet penetration rate reached44.7%. The network has brought people a lot of convenience, but also appeared a variety of network attack behavior.It’s size and destruction also increased significantly.In all kinds of network attacks, the most damage is the DDoS (the Distributed Denial of Service) attack. In March26,2013, the world famous anti-spam organization Spamhaus, claimed that suffered DDoS attacks. The rate of the flow attack is as high as300g per second. This is one of the largest in the history of the Internet DDoS attacks. The attack not only resulted in the service of Spamhaus paralysis and at the same time led to the global Internet jam.Due to the dramatic increase in network traffic, the traditional network attack detection methods have been unable to meet the requirements of mass data real-time analysis; we need to bring in more efficient way.This thesis adopted the Hadoop open source framework for huge amounts of data analysis, to build a system for real-time detection of backbone network attacks.Firstly, this thesis introduces the basic concept of Hadoop, the structure of Hadoop, HDFS (Hadoop Distributed File System) and graphs model of the parallel computing. Then, on the basis of the Hadoop framework, this thesis puts forward the backbone network attack detection system of the three layer architecture, including the network data collection, storage and network attack detection methods, constituting a complete network attack detection system.Then, this thesis focus on the attack detection module of backbone network attack detection system and introduced the attack detection task parallel scheduling and MapReduce programming of various network attack detection in detail. This thesis builds a high scalability, high stability of the backbone network attack detection system.The system can be flexible to expand in response to a greater amount of data and new type of network attacks.what’s more, it put forward a kind of network attack detection based on network traffic regression model method. In order to improve the performance of the data analysis, data sampling experiment was carried out.