Research on NetFlow-Based Network Traffic Anomaly Detection Technology
[Abstract]: With the rapid development of the Internet, its applications have spread widely across many fields. The network is now everywhere; neither office work nor entertainment can do without it, and it has become part of people's everyday work and life. The security problems brought by the rapid development of network technology are attracting growing attention. Network security problems emerge endlessly, and abnormal traffic such as network attacks, Trojan horse attacks and virus propagation can be found everywhere. Traditional intrusion detection systems can no longer keep up with the rapidly developing network environment. Against this background, this paper carries out the related research work. First, the paper studies and discusses methods of collecting network traffic, introduces the SNMP collection method and the basic principle of the network probe collection method, and analyzes the advantages and disadvantages of these techniques. On the basis of this analysis, the paper examines the NetFlow network traffic collection method in detail and finally chooses the NetFlow-based method. Then, an anomaly detection algorithm based on clustering is proposed. Based on an analysis of the inherent correlation features of abnormal network traffic, a clustering-based anomaly detection algorithm is designed in which clusters are evaluated by similarity and interconnection; combining these two criteria improves the quality of the clustering. Third, a model of a network traffic anomaly detection system is designed and implemented. The model consists of four parts: data acquisition module, information statistics module, anomaly detection module, alarm module and information presentation module.
The data acquisition module first checks and processes the NetFlow data collected at the router egress and then stores the processed data in the database. The information statistics module aggregates the collected information, stores the resulting data in the database and displays the statistics to the user. The anomaly detection module mainly detects traffic anomalies and can identify and locate the host producing the abnormal traffic. Testing and simulation of the system show that it can discover and detect abnormal network traffic.
[Degree-granting institution]: Hebei University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.06