Design And Implementation Of Abnormal Traffic Monitoring System For Campus Network

With the rapid development of Internet technology and the increasing complexity of network environment,network attacks improve the concealment by means of encryption and confusion,which brings new challenges to network security protection and abnormal behavior discovery.At present,domestic and foreign scholars have done a lot of research work in the field of abnormal flow detection,and have made a series of achievements.Deep packet detection,data mining and machine learning,which are widely used in abnormal behavior detection,have performed well in the experimental environment,however,there are many problems in the actual production environment,including low detection efficiency and high error recognition rate.Aiming at the above problems,this paper deeply analyzes the traditional traffic identification method and the machine learning method,and proposes an abnormal traffic classification scheme based on the big data analysis platform,which combines the traditional traffic identification technology and the machine learning technology,and realized the campus network environment-oriented abnormal traffic monitoring platform.First of all,at the level of traffic information collection,the primary screening of traffic and the extraction of basic traffic information are accomplished by using the technology of encrypted traffic detection and deep packet detection,the data association technology is used to complete the screening based on the behavior characteristics.Through two data screening,the system pressure of the traffic classification stage is reduced in the campus network environment,flume and Kafka platform were used to collect and transmit the traffic information log.Secondly,on the level of traffic classification,on the one hand,experiments are carried out on machine learning algorithms such as KNN,SVM,random forest,decision tree,etc.,the results of cross-validation of each machine learning algorithm are compared,and the classification effect of decision tree is better in this data set.On the other hand,the original traffic information data is processed by using Spark Streaming stream processing architecture,and the optimized classification model is used to complete the classification of the original data stream,at the same time,on the basis of the classification results,the abnormal traffic monitoring data are statistically updated.Finally,at the data storage and display level,according to the business needs,Hadoop is used to complete the log storage of the original data stream,Mysql is used to complete the data storage of the exception monitoring system,and Think PHP is used to complete the data display system,to meet the business for the historical data traceability needs and display interface data quick response needs.Through the testing of the system and the application of campus network environment,the system satisfies the monitoring requirements of abnormal traffic in campus network environment in the accuracy and real-time.