Identification and Management of Abnormal Campus Network Traffic Based on OpenFlow
Published: 2019-03-27 18:32
[Abstract]: With the rapid development of Internet technology, network traffic is becoming increasingly varied, and the requirements for reliability, real-time performance, and security of network transmission keep rising. The accompanying abnormal-traffic attacks pose a serious potential threat to people's lives and affect the normal operation of the Internet. Abnormal traffic harms the network in two main ways: first, it consumes large amounts of network resources, including switches and other network devices; second, it causes network congestion, which increases packet delay, causes packet loss, and can even paralyze the network and make it unusable. The detection and identification of abnormal network traffic has therefore become a key research topic.

This thesis uses OpenFlow, currently the most popular network model, to identify and manage abnormal traffic in a campus network environment. Building on prior work on abnormal traffic detection and identification, it implements an abnormal traffic identification and management system on the OpenFlow platform. The work and its contributions comprise three modules for handling abnormal traffic: a traffic collection and sampling module, an abnormal traffic identification module, and an abnormal traffic control module.

(1) The traffic sampling module samples traffic on the OpenFlow platform. Traffic collection nodes are installed on the OpenFlow switches, and an adaptive dynamic sampling algorithm captures and counts the packets that have passed through flow table lookup, and performs basic filtering and protocol analysis. The collected data serve as the training data set. The data are split so that the traffic is preprocessed, clustered by network protocol, and grouped into corresponding IP groups, and a training sample data set is generated. Attribute analysis is performed on the sample data set so that the training samples yield clustered data, and the clustered data are labeled.

(2) The abnormal traffic detection and identification module uses the collected data set as the analysis granularity. Data mining techniques and algorithms partition the data records and uncover the relationships among them and the implicit, useful patterns and rules, dividing the records into a normal behavior library and an abnormal behavior library. The abnormal behavior library then undergoes pattern analysis; filtering rules are set in the OpenFlow controller, and abnormal traffic is identified by matching the abnormal behavior library against the filtering rules. The data mining algorithm is K-means, which is scalable and efficient for computation over large traffic volumes and can reach a local optimum.

(3) The abnormal traffic control module mainly covers how to define filtering rules and generate a decision tree, the classification and handling of abnormal packets, the analysis of protocol structure, and information feedback.

Finally, an experimental simulation platform is built with Mininet and Floodlight; simulated traffic sending and receiving and simulated network attacks verify the correctness and feasibility of the model designed in this thesis.
[Degree-granting institution]: Dalian University of Technology
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.18
Article ID: 2448444
Article link: http://sikaile.net/guanlilunwen/ydhl/2448444.html