| With the continuous development of network applications, how to detect the abnormal behaviors from network data streams and give early warnings, network security management has become an important area of research on network security management.At first the network anomaly and detection theories are researched. The commonly used network anomaly detection technologies and analysis methods are made a comparison of to analyze the advantages and disadvantages.A dynamic time slice packets collection method is designed and implemented to improve the result of the detection.On this basis, a anomaly database is planned to complete the anomaly data's storage and management. Then, for the worm attacks, this paper analyzes their behavioral characters and designs a early worm detection algorithm. For the anomaly caused by DDoS, the analysis of the host behaviors which are attacked is made to design a behavior-based DDoS attack detection method. A prototype system is implemented and worm detection module is functional verified and analyzed. Thus, DDoS attack detection method designed in this paper is verified. The results show that the abnormal detection system designed in this paper could detect effectively worm and DDoS attacks. |
PDF Full Text Request