| With the rapid expansion of the Internet,different protocols of network traffic flooding the Internet,the Internet has becoming increasingly complex.How to identify anomaly traffic rapidly and accurately,reducing the impact of abnormal behavior of the relevant network platform and business,ensuring the availability and reliability of the entire network is of great importance.And it has become the attractive and valuable subject in the present academic and industrial circles.This paper intended to discuss the existing network anomaly detection algorithms,aimed to improve the Bag of Words model(BoW)algorithm for anomaly network detecting,and we evaluated the performance of algorithm through public database.The main contents and innovations of the thesis are as followed:(1)Focused on the issue that the manual intervention of setting warning threshold relies on experience and the signature of abnormal traffic updates not timely,an anomaly detection algorithm based on Stream Point Bag of Word(SP-BoW)was proposed.The algorithm can train model automatically,classify the anomaly network traffic and realize the anomaly traffic real-time detection.(2)In order to better detect the Distributed Denial of Service(DDoS)attack,an improved detection algorithm based on Binary Stream Point Bag of Word(BSP-BoW)was proposed.The proposed algorithm extracted Stream Point(SP)from current network traffic directly,which was suited for different topology networks.And the algorithm can also provide the basis for attacking defense stage.(3)Proposed a framework for anomaly traffic detection that could be deployed on the cloud platform.The kernel detection algorithm is based on the BSP-BoW algorithm,which deployed on the entry point of each service or cloud platform network.The detection algorithm can extract the Stream Point(SP)from training samples,and distribute the anomaly SP feature to the detection parts.This framework can detect and analyze the current topology network abnormal traffic rapidly and effectively. |
PDF Full Text Request