Design And Implementation Of Network Traffic Analysis System

Posted on: 2019-11-16 | Degree: Master | Type: Thesis
Country: China | Candidate: S Yang | Full Text: PDF
GTID: 2428330548494332 | Subject: Engineering
Abstract/Summary:
With the development of networks in modern life, people are increasingly dependent on the network in their daily lives, and network security is becoming more and more important. How to find hidden dangers in a network system is a problem worth studying. At present, the widely used and mature network security technologies are mainly firewall technology, encryption technology, intrusion detection technology, anti-virus technology, PKI technology and so on. This paper mainly discusses and deals with intrusion detection technology. The common product of intrusion detection technology is the IDS. As a mature product, its technology, stability and reliability have reached a very good level. IDSs come in two types, hardware products and software products, and many manufacturers from China and other countries such as the US have launched their own products. In actual work, however, due to various practical constraints, I need to design traffic analysis software to detect potential security threats in the network system.

In actual security detection work, because the customers' network topology cannot be changed, it is necessary to obtain traffic through a bypass in the network and acquire the traffic data in the network system. But the traffic data contains all data that flows through the entire network node, so there is bound to be a lot of low-value data, such as the video and audio data in the network. Such data is nearly useless in judging the security problems existing in the network system, and this and other low-value data occupy a large amount of the traffic in the network system, which causes interference that cannot be ignored in the analysis process. So in the past, the traffic data obtained at work could only be saved as archived historical evidence, and could not provide valuable information for analyzing the customers' network system. How to extract useful information from such a large amount of data is the starting point of this program.

This paper first expounds the necessity of writing the software independently, describes in detail the conditions that existed before the software was prepared, and enumerates the constraints and requirements encountered in practical work, then designs and implements a custom-made software. The software combines intrusion detection technology, using its two categories, misuse detection and anomaly detection, to analyze the existing network traffic data. By analyzing the existing standard PCAP files, the effective data can be extracted and collated, which can effectively improve the efficiency of the present work. Based on the existing demand analysis and taking into account the actual work environment, the design consists of three modules: the data processing module, the processing module and the results analysis template customization module. Together they analyze the PCAP file and extract the effective information. By analyzing standard PCAP files, the program analyzes several common network protocols and produces analysis results in a defined format, which provide a basis for judging whether there is dangerous behavior in the data. It makes it feasible to put past network traffic data to use again, brings convenience to the author's work, and effectively improves work efficiency.
Keywords/Search Tags:Intrusion Analysis, PCAP, Network Traffic Analysis
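
As an illustration of the PCAP analysis step the abstract describes, here is an added example (not the thesis software) that reads a classic PCAP byte string and tallies captured bytes per IPv4 protocol, which shows how much of a capture is bulk traffic before any detection logic runs. The function names and the in-memory sample capture are assumptions constructed for this example.

```python
import struct
from collections import Counter

PCAP_MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # usec-resolution files
IP_PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}

def read_pcap(data):
    """Yield (ts_sec, frame_bytes) for each record of a classic PCAP byte string."""
    if len(data) < 24 or data[:4] not in PCAP_MAGIC:
        raise ValueError("not a classic PCAP file")
    end = PCAP_MAGIC[data[:4]]  # byte order is decided by the magic number
    _vmaj, _vmin, _zone, _sig, _snap, linktype = struct.unpack(end + "HHiIII", data[4:24])
    if linktype != 1:  # 1 = LINKTYPE_ETHERNET
        raise ValueError("only Ethernet captures handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        if off + incl_len > len(data):  # truncated final record: stop cleanly
            break
        yield ts_sec, data[off:off + incl_len]
        off += incl_len

def bytes_per_protocol(data):
    """Tally captured bytes by IPv4 protocol; anything else is 'other'."""
    totals = Counter()
    for _ts, frame in read_pcap(data):
        label = "other"
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00" and frame[14] >> 4 == 4:
            label = IP_PROTO.get(frame[23], "ip-%d" % frame[23])
        totals[label] += len(frame)
    return dict(totals)

def _frame(proto, payload_len):
    """Constructed sample: Ethernet + minimal IPv4 header + zero payload."""
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return b"\x00" * 12 + b"\x08\x00" + ip + b"\x00" * payload_len

def build_sample():
    """Constructed little-endian capture: one TCP, two UDP, one ARP-type frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    frames = [_frame(6, 20), _frame(17, 100), _frame(17, 100), b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28]
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1573862400 + i, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(bytes_per_protocol(build_sample()))
```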