With the advent of the Internet Plus era, information communications and the Internet will develop even more rapidly, network platforms of all kinds are becoming richer, and network security is becoming more and more important. However, violations of network security principles are on the increase: the network is flooded with trojans, viruses, intrusion software, and even hacking training services. As networks grow rapidly in size, these violations pose a great threat to normal network operation. The current Internet environment is in a period of IPv4 and IPv6 coexistence, so it is necessary to inspect not only IPv4 traffic but also IPv6 traffic. A network traffic anomaly detection system detects anomalies in network traffic at large scale, and a network intrusion detection system detects intrusions at small scale. Together they protect network security.

Based on the above analysis, this paper studies the following aspects:

First, this paper proposes a method based on an entropy traffic matrix and a subspace model. A traffic matrix is used to describe network traffic; a network flow contains the IP address, port, protocol and other attributes. This paper uses entropy to serialize the traffic matrix of network flows. Because the local structure and the overall structure of current network traffic are consistent, this paper uses the subspace method to analyze abnormal network traffic. Experimental comparison shows that the method improves the accuracy of network traffic anomaly detection.

Second, this paper proposes an intrusion detection method that adopts the idea of ensemble learning. It selects a combination of classifiers that have high accuracy and large differences between them to improve overall detection performance, which overcomes the low detection accuracy of a single classifier. Experiments on an authoritative public dataset show that the method works well: it reduces the false positive rate and the false negative rate of the intrusion detection system, so the overall accuracy is higher.

Finally, the JFLOW monitoring system prototype is designed and implemented in this paper. Because the campus network lacks sufficient network security detection measures, this paper designs and implements a monitoring system for anomaly detection and intrusion detection in a campus network environment. The system was built with the help of the open source community and incorporates the core network anomaly detection and intrusion detection algorithms of this paper. It performs traffic anomaly detection and intrusion detection on real network traffic data. Tests with real network data show that it detects traffic anomalies and network intrusion behavior. It meets the design requirements and has certain practical value. It provides a good platform for subsequent research.
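The entropy traffic matrix and subspace analysis described above can be sketched as follows; this is an added example, not the paper's or JFLOW's code. It assumes four flow attributes, a one-dimensional normal subspace fitted on a baseline window, and a fixed residual threshold; all function names and the sample flows are constructed for illustration.

```python
import math
from collections import Counter

def entropy(values):
    """Shannon entropy in bits of the empirical distribution of values."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def entropy_row(flows):
    """One traffic-matrix row: entropy of src IP, dst IP, src port, dst port."""
    return [entropy([f[i] for f in flows]) for i in range(4)]

def fit_subspace(rows, iters=200):
    """Mean and leading principal axis of the baseline rows (power iteration)."""
    dims = range(len(rows[0]))
    mean = [sum(r[j] for r in rows) / len(rows) for j in dims]
    centred = [[r[j] - mean[j] for j in dims] for r in rows]
    axis = [1.0] * len(mean)
    for _ in range(iters):
        # Multiply by the covariance matrix without forming it: sum (r.axis) r
        nxt = [sum(sum(a * b for a, b in zip(r, axis)) * r[j] for r in centred)
               for j in dims]
        norm = math.sqrt(sum(x * x for x in nxt))
        axis = [x / norm for x in nxt]
    return mean, axis

def spe(row, mean, axis):
    """Squared prediction error: energy of the row outside the normal subspace."""
    x = [v - m for v, m in zip(row, mean)]
    proj = sum(a * b for a, b in zip(x, axis))
    return sum((a - proj * b) ** 2 for a, b in zip(x, axis))

def make_bin(hosts, services, n=64):
    """Constructed flows: (src IP, dst IP, src port, dst port) tuples."""
    return [(f"10.0.0.{i % hosts}", f"10.0.1.{i % hosts}",
             40000 + i % hosts, 80 + i % services) for i in range(n)]

# Constructed baseline: eight time bins of ordinary traffic, varying diversity.
BASELINE = [entropy_row(make_bin(h, s)) for s in (4, 8) for h in (4, 8, 16, 32)]
# Constructed anomaly: one source touching 64 ports on one destination.
SWEEP = entropy_row([("10.0.0.9", "10.0.1.9", 40000 + i, 1 + i) for i in range(64)])
MEAN, AXIS = fit_subspace(BASELINE)
# Assumed threshold: four times the largest baseline residual (not the paper's rule).
THRESHOLD = 4 * max(spe(r, MEAN, AXIS) for r in BASELINE)

def is_anomalous(row):
    """True when the row's residual energy exceeds the assumed threshold."""
    return spe(row, MEAN, AXIS) > THRESHOLD
```

The sweep bin stands out because its source and destination address entropy collapse while its port entropy rises, a combination the baseline's principal axis cannot explain, so the energy lands in the residual.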