Design And Implementation Of Anomaly Detection System Of Internet Based On Active Probe

With the development of network technology and the increasing scale of Internet,the Internet topology structure is becoming more and more complicated,and the network devices are diversified.Which increases the probability greatly of network failure or performance,moreover the user requirements of the quality of service—Qo S is further improved,so the difficulty of network monitoring is more significant.The purpose of network monitoring is to probe the state of network equipment and the health of network running continuously,and discover the abnormal behavior in the Internet.When the Internet is abnormal,the alarm notification can be sent in time to remind the network management personnel to take the necessary means to solve the problems and restore Internet.When the network is small or monitor the local area,you can rely on the current traffic anomaly detection or experience to analyze them,the network to determine the status of operation and evaluation.However,but the current cyberspace has become the country's fifth territory,cyberspace awareness and cyberspace security requirements us to be from the national and global point of view to monitor the current operating conditions of the Internet,especially in the face of sudden changes,aggressive Internet Exceptional events,the need for a system to be able to timely detection of the anomaly and locate it.Based on the cyberspace security situation,our theisi designs and realizes the Internet anomaly detection system based on active detection.In order to complete the abnormal detection of the Internet,this thesis designs a complete system platform from bottom to top,which mainly includes active detection module,data preprocessing module,anomaly detection module,anomaly analysis module and abnormal location module.First,the active detection is real-time discovery of the dynamic routing link in the Internet;and then the routing link data through data analysis,data noise reduction,effective path extraction and renormalization to achieve dynamic topology extraction;Second,a method of Internet anomaly detection is prosed based on the network diameter.Then,for the abnormal topology of static and dynamic analysis,from different angles and scales to explore the characteristics of abnormal topology.Finally,based on the sub-map mining technology and geographical location technology to achieve the Internet anomaly location function.Finally,our thesis gives the realization of the system and the key algorithm analysis.At the same time,the system was tested from three aspects: test case,system test and nonfunctional test.The test results were in accordance with the expected results.In particular,based on the Internet topology data of DDo S attack in the United States on October 21,2016,the actual detection operation is carried out,which indicates that the system has high practicability.