Large-Scale Network Traffic Anomaly Analysis

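【Author】 王海龙 (Wang Hailong)

【Advisor】 杨岳湘 (Yang Yuexiang)

【Author information】 National University of Defense Technology, Computer Science and Technology, 2006, Master's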

【Abstract】 As networks grow in scale and carry an increasing variety of services, the Internet has brought people great convenience. The same growth, however, greatly increases the opportunities for anomalies of all kinds to appear in the network and poses a greater challenge for network monitoring. Network traffic anomaly analysis is a key part of network monitoring, and detecting anomalies accurately and promptly is very important for improving network availability and reliability. Large-scale network traffic is high-dimensional, fast, and very large in volume, but existing statistical analysis based on time series and signal-based wavelet analysis have limited ability to process such data, so a simpler and more efficient method of analyzing anomalous traffic is needed. This thesis explores new methods for large-scale network traffic anomaly analysis in order to improve the detection and classification of traffic anomalies, and uses them to implement network traffic monitoring. First, we study the previously proposed subspace method and apply it in an experimental environment to detect large-scale network traffic anomalies; comparative analysis of the results shows that subspace-based anomaly detection achieves higher detection precision. Then, building on improvements to entropy-based methods for detecting and classifying large-scale network traffic anomalies, we propose a distributed anomaly detection method. Experiments show that the method is simple to operate, greatly reduces detection time, detects well, and can satisfy the requirements of online detection. Finally, we propose a framework model for a large-scale network traffic anomaly detection system, composed of a traffic collection module and a preprocessing module, an anomaly analysis module, and a comprehensive analysis and visualization module; experiments verify that the model is effective and of practical value.

  • 【Classification number】 TP393.06
  • 【Times cited】 11
  • 【Downloads】 436