| In recent years, the rapid development of the Internet has penetrated into all aspects of and became a part of peple’s lives, it also has applied to the country’s important infrastructure, which accelerate the process of national information. At the same time, the network attack technology has been developed rapidly, and the vulnerabilities of coputer network and operating system exposed through the Internet platform, that leads illegal activities which making use of network happen frequently, which make a great loss of economy. Therefore, it is very important to understand the security of the network and predict the development trend of the network. In addition, a single protection can not meet the demand, there is a need to consider the relevance of multi protective measures to achieve collaborative protection. In order to realize the cooperative protection and the trend prediction, to help find out the abnormal rapid and accurately, this thesis designs and implements a regional network situation prediction and visualization system. By collecting the multi-source data related to different devices in the regional network, the system can understand, analyze and predict and finally visualize the data. To make the defense for the network attack from passive to active, help administrators analyze and adjust the defense strategy.We focus on the trend prediction and visualization of regional network to carray out the following work:Firstly, design and implement a situation prediction and visualization system of regional network from data acquisition to data visualization.Secondly, collect multi-source data, to provide a strong support for the two core function: analysis and prediction.Thirdly, we study and implement the association analysis algorithm, then mining the association rules between network security events occurring in the regional network, and give out the confidence of these association rules.Fourthly, we analyze and compare the two neural network algorithm’s advantages and disadvantages, and improve the RBF, then use it for predicting the trend, and compare the prediction results.Fifthly, we propose a method of detecting abnormal traffic of network based on large amount of data, through training a large number of data, establish a model curve.Calculate the distance between the observed curve and the model curve to locate the time range in which the anomaly occurs.Sixth, we achive the visualization of data, provide interactive interface for administrator to security data.Finally, we do a functional test for association analysis module and prediction module, vertify the usability of the visualization on the monitoring side. This thesis is an early presentation of the situational awareness prediction system, which makes a good foundation for the later management and defense of the regional network. |
