Design and Implementation of a Network Anomalous Traffic Detection Model
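Abstract
Network anomalous-traffic detection is one of the important functions of an IT operations and maintenance management system. In managing IT systems, network availability and reliability are very important indicators; monitoring network traffic makes it possible to anticipate the network's operating condition, so that targeted measures can be taken to keep the network running normally. For an enterprise's internal IT network, how to design and implement a sound and effective traffic anomaly detection method has become an important topic in IT management.
     After introducing the network traffic anomaly detection algorithms in common use, this thesis takes the characteristics of enterprise internal IT networks into account and proposes a new algorithm that detects anomalous traffic by time-window comparison. The new algorithm is then combined with existing static and dynamic detection algorithms into a comprehensive detection model for anomalous network traffic, which compares traffic by different methods and from different angles to determine whether anomalous traffic is present in the network.
     On the basis of an introduction to the IT operations management system and its functions, a network anomalous-traffic detection subsystem is designed and implemented; this subsystem implements the proposed comprehensive detection model. The thesis gives the subsystem's detailed design, database design, detection workflow and implementation steps, a description of the main implementation classes, and the test results. Finally, the thesis is summarized and work requiring further research or improvement is identified.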
Network traffic anomaly detection is an important component of IT management. In the operation of an IT system, reliability and usability are the key performance indicators. By analyzing the components of network traffic, we can judge the operating status of the network and make the right decisions to keep the network stable. How to design an effective anomaly detection model for checking the internal network of a corporation is an important task in IT management.
     Firstly, the basic knowledge of network traffic anomaly detection is introduced, and the research background and significance of this issue are described. Secondly, in terms of the characteristics of the internal network of a company, the design concepts and functional requirements of network traffic anomaly detection are introduced. Network traffic anomalies are checked in different ways and from different views. By introducing the structure and functional requirements of the IT operation management system, the software architecture of network traffic anomaly detection is put forward, and the module design, primary database structures, detection workflow, main algorithms and main implementation classes are also stated. Finally, the conclusion of this paper and some future work are briefly introduced.