Research on NetFlow-Based Network Traffic Anomaly Detection Technology
[Abstract]: With the rapid development of the Internet, its applications have spread widely across many fields. The network is now everywhere: neither office work nor entertainment can do without it, and it has become part of people's normal work and life. The security issues that come with this rapid development of network technology are attracting growing attention. Network security problems emerge endlessly, and abnormal traffic such as network attacks, Trojan horse attacks and virus propagation can be found everywhere. Traditional intrusion detection systems can no longer keep up with the rapidly developing network environment. Against this background, this paper carries out the following research. First, methods of collecting network flow data are studied and discussed: the basic principles of SNMP-based collection and of network-probe-based collection are introduced, and the advantages and disadvantages of these techniques are analyzed. On the basis of this analysis, the paper studies the NetFlow traffic collection method in detail and finally chooses the NetFlow-based method. Second, an anomaly detection algorithm based on clustering is proposed. Based on an analysis of the inherent correlation features of abnormal network traffic, a clustering-based anomaly detection algorithm is designed in which clusters are evaluated by similarity and interconnection. Combining these two criteria improves the quality of the clustering. Third, a model of a network traffic anomaly detection system is designed and implemented. The model consists of four parts: data acquisition module, information statistics module, anomaly detection module, alarm module and information presentation module.
The data acquisition module first detects and processes the NetFlow data collected at the router egress, and then stores the processed data in the database. The information statistics module aggregates the collected information, stores the resulting data in the database and displays the statistics to the user. The anomaly detection module mainly detects flow anomalies; it can detect the host that is producing the abnormal flow and locate it. Testing and simulation of the system show that it can discover and detect abnormal network traffic.
[Degree-granting institution]: Hebei University
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.06
Article ID: 2212246
Article link: http://sikaile.net/guanlilunwen/ydhl/2212246.html