| Under the era of big data,cybersecurity receives unprecedented attention.However there is still some challenges in this field.On one hand,traditional network security analysis methods cannot satisfy the demands of mass data analysis due to the various cyber-attack features and explosive network data volume.On the other hand,since a large amount of new attack patterns and the Advanced Persistent Threat(APT)appear,the traditional analysis methods cannot respond quickly and effectively.The network anomaly detection platform(NADP)based on big data and machine learning is a good solution to solve these problems.Its core is to combine the massive data processing technology with the high-precision abnormal detection based on machine learning.The advantage of proposed NADP depends on aspects as follows.First,it is unnecessary to construct a database to match the attack patterns.Second,with the usage of numerous data,the model in NADP can be trained automatically.Therefore,the platform is able to overcome the defects existing in traditional methods.According to the current development of anomaly detection,this paper proposes a network anomaly detection platform.Firstly,based on big data,this platform provides reliable and efficient access control and storage.Meanwhile a fast,efficient solution to processing massive network data flow has been designed.It can reduce the resource consumption and improve the efficiency of platform operation.Finally,a reorganization of the TCP session and processing session statistics feature data method has been designed.It is helpful to improve the operational efficiency of the platform and ability of abnormal detection. |
PDF Full Text Request