Design And Implementation Of Flow-based Network User Behavior Checking System

With the advent of the digital age,the network has become one of the indispensable factors in the operation of many enterprises.As the public network is full of various attacks,more and more enterprises establish intranets within the organization and set up special network maintenance.Personnel to ensure the effectiveness and stability of the internal network.However,these measures can not play any supervisory role for internal employees to generate non-workflow during working hours.When the network traffic in the LAN increases or attacks occur,the attacked host and the attack source cannot be detected in time.Therefore,for the policy upgrade of network management,network managers are often in a state of lagging passive.In response to the above problems,this paper designs a flow-based network user behavior checking system.The user's online behavior can be analyzed and judged by various factors such as the type of application used by the user,the number of application traffic,and the duration of application.Therefore,by collecting and parsing the traffic data in the current local area network,and using the neural network to determine the application category to which the traffic belongs,the online behavior of each user is summarized.Through the network user behavior checking system,network administrators can accurately and timely understand the changes in traffic in the current LAN.The main work of this paper is as follows(1)Using tornado to design and implement a multi-collection point,B/S-based flow-based quasi-real-time network user behavior checking system.At the macro level,the system can monitor the topology data of the host in the entire LAN,the throughput of various applications,and alarm data by monitoring the traffic data in the entire LAN.At the micro level,for a given host,you can view the running status of the application traffic on the current host in detail,and classify the behavior of the host according to the traffic generated by the host.Through Socket communication,the data between multiple collection points can be connected,and the network administrator can see the network situation of multiple collection points on one machine,reducing labor expenditure.(2)Use deep learning algorithms to solve traffic classification problems.For the traditional traffic identification method,only the communication protocol and the communication port carried by the traffic packet header directly determine the application category to which the traffic belongs,and the correspondence between the specific application and the feature information of the traffic is not mined,and the classification accuracy is low.However,the traditional machine learning classification method can only learn the data features offline,and the feature learning process must be re-executed for the newly added data,which is inefficient.In this paper,a fully connected network and a full convolutional network are constructed respectively,and the user traffic is classified into application categories.Both neural networks achieve nearly 99% classification accuracy on the data set,and the classification speed is close to 10000 strips/second.Can be used in network user behavior checking systems.