Research On Local Area Network Anomaly Detection Based On NetFlow

With the continuous development of Internet technology in the new environment,all kinds of network attack technologies have changed greatly,and the form of security attack and defense has changed greatly,too.The detailed performance is that the attack is becoming more and more diversified,and the attack coverage is relatively large.The current challenges focus on the following points: 1)Network security situation has not been effectively apperceived;2)Large scale data cannot be disposed effectively;3)Abnormal behaviors and unknown threats are not detected effectively;4)Safety management lacks standardized coordination mechanism;5)The flexibility of security protection is insufficient,and the support is provided by manpower;6)New security applications are increasingly closed.NetFlow technology is a flow analysis solution proposed by Cisco.This technology promotes corresponding data mining activities by monitoring network and user related activities and performing related analysis,realizing the measurement and statistics of IP data flow.The IP/MPLS flow analysis solution that is generally recognized in the current Internet system.As the application of computer network technology inside the enterprise,the local area network has the structure and technical characteristics similar to the external Internet.Based on NetFlow technology,this paper proposes a model for monitoring and detecting the network,and then identifying abnormal traffic and network attacks,and proposes a solution.The specific research content of the thesis is as follows:(1)Research on NetFlow and its key technologies,analyze the application background,describe its application in the field of local area network anomaly detection,and then introduce and propose a system model for monitoring and detecting abnormal network flow on this basis.(2)Analyze the common abnormal flow in the local area network,and propose a corresponding treatment for the flow based on the relevant characteristics of each abnormal flow,and then propose a multi-level flow classification scheme.(3)Create a model of abnormal flow separating and attack classification processing.The model sets the parameters,creates the signature database according to the difference of different application occasions,analyzes and diagnoses the collected content,implementes the classification of the flow,and processes abnormal data,and carries out simulation to verify the usability of the system.