
Design and Implementation of the Network Traffic Anomaly Detection Model

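【Author】 Zhang Rui (张瑞)

【Supervisor】 Qiu Xuesong (邱雪松)

【Author information】 Beijing University of Posts and Telecommunications, Computer Science and Technology, 2008, Master's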

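【Summary】 Network anomalous-traffic detection is one of the important functions of an IT operation and maintenance management system. In managing an IT system, network availability and reliability are very important indicators; by monitoring network traffic, the operating condition of the network can be anticipated, so that targeted measures can be taken to keep the network running normally. For enterprise internal IT networks, how to design and implement a reasonable and effective network traffic anomaly detection method has become an important topic in IT management. This thesis first introduces the commonly used existing network traffic anomaly detection algorithms and then, taking into account the characteristics of enterprise internal IT networks, proposes a new algorithm that detects anomalous network traffic by time-window comparison. It then combines the proposed algorithm with existing static and dynamic detection algorithms into a comprehensive network anomalous-traffic detection model, which determines whether anomalous traffic is present in the network by comparing across different methods and from different angles. After introducing the IT operation and maintenance management system and its functions, the thesis designs and implements a network anomalous-traffic detection subsystem that realizes the proposed comprehensive detection model. The thesis presents the subsystem's detailed design, database design, detection workflow and implementation steps, a description of the main implementation classes, and the test results. Finally, it summarizes the work and identifies areas that need further research or improvement.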

【Abstract】 Network traffic anomaly detection is an important component of IT management. In the operation of an IT system, reliability and usability are key performance indicators. By analyzing the components of network traffic, we can judge the operating status of the network and make the right decisions to keep the network stable. How to design an effective anomaly detection model to check the internal network of a corporation is an important task in IT management. Firstly, the basic knowledge of network traffic anomaly detection is introduced, and the research background and significance of this issue are described. Secondly, in terms of the characteristics of the internal network of a company, the design concepts and functional requirements of network traffic anomaly detection are introduced: network traffic anomalies are checked in different ways and from different views. By introducing the structure and functional requirements of the IT operation management system, the software architecture of network traffic anomaly detection is put forward, and the module design, primary database structures, detection workflow, main algorithms and main implementation classes are also stated. Finally, the conclusion of this paper and some future work are briefly introduced.

  • 【Classification No.】 TP393.06
  • 【Times cited】 7
  • 【Downloads】 403