With the wide spread and rapid development of computer networks, network security has attracted more and more attention, and monitoring the network flow of servers has become an important research topic in network applications. Researchers have proposed many network flow monitoring schemes, but these systems are designed for large-scale, high-speed networks and are complex and costly. How to monitor server network flow for small and medium-sized enterprises (SMEs), so as to detect abnormal data while reducing deployment costs, has become an important research subject in SME network security.

This paper studied the technology of network flow monitoring and proposed a network flow monitoring scheme based on the Arm-Linux architecture. The scheme explored a method for detecting abnormal flow data on an embedded platform based on the Arm-Linux architecture, with the aim of maintaining server network security while reducing the cost of protection.

Firstly, this paper introduced the technologies related to network flow measurement and, by comparing them, chose the appropriate flow acquisition mode. Flow acquisition was realized by porting Libpcap to the development board, which provided packet capture and filtering.

Secondly, according to the attack and data flow characteristics of denial of service, this paper proposed a SYN-Flood detection model and a UDP-Flood detection model based on the CUSUM algorithm. The SYN-Flood detection model accumulated the abnormal growth rate of SYN packets and determined whether it exceeded the system threshold to judge the occurrence of SYN-Flood attacks. The UDP-Flood detection model accumulated the abnormal growth rate of UDP packets and determined whether it exceeded the specific threshold to judge the occurrence of UDP-Flood attacks. The data input of the model was realized by the Bloom Filter algorithm, which provides compact classification and querying of network flow data and so improves processing efficiency. The CUSUM anomaly monitoring model detected the abnormal flow data of denial-of-service attacks with less overhead, low computational complexity and a low false alarm rate.

Finally, the system framework was divided into five modules to realize on-line server network flow monitoring: the flow acquisition and analysis module, the flow statistics and pre-processing module, the anomaly detection module, the embedded database log storage module and the visualization module.
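The CUSUM step described in the abstract, as an added example that is not the paper's code: each interval's SYN count is normalised against a running mean, the excess growth is accumulated, and an alarm is raised once the sum passes a threshold. The normalisation, the parameter values (`alpha`, `offset`, `limit`) and the sample counts are assumptions constructed for illustration; the abstract does not give them.

```c
#include <stddef.h>
#include <stdio.h>

/* Non-parametric CUSUM state for one counter (e.g. SYN packets per interval). */
typedef struct {
    double mean;   /* running estimate of the normal per-interval count */
    double sum;    /* accumulated abnormal growth */
    double alpha;  /* smoothing factor for the mean (assumed value) */
    double offset; /* normalised growth tolerated per interval (assumed value) */
    double limit;  /* alarm threshold on the accumulated sum (assumed value) */
} cusum_t;

void cusum_init(cusum_t *c, double mean, double alpha, double offset, double limit) {
    c->mean = mean > 1.0 ? mean : 1.0;   /* avoid division by zero */
    c->sum = 0.0;
    c->alpha = alpha;
    c->offset = offset;
    c->limit = limit;
}

/* Feed one interval's packet count; returns 1 when the threshold is exceeded. */
int cusum_update(cusum_t *c, unsigned long count) {
    double growth = ((double)count - c->mean) / c->mean;  /* normalised growth rate */
    c->sum += growth - c->offset;
    if (c->sum < 0.0)
        c->sum = 0.0;                    /* normal traffic never builds credit */
    if (c->sum == 0.0) {
        /* Learn the baseline only while quiet, so a flood cannot raise it. */
        c->mean = c->alpha * (double)count + (1.0 - c->alpha) * c->mean;
        if (c->mean < 1.0)
            c->mean = 1.0;
    }
    return c->sum > c->limit;
}

/* Index of the first interval that raises an alarm, or -1 if none does. */
int first_alarm(const unsigned long *counts, size_t n, double initial_mean) {
    cusum_t c;
    cusum_init(&c, initial_mean, 0.1, 0.5, 3.0);
    for (size_t i = 0; i < n; i++)
        if (cusum_update(&c, counts[i]))
            return (int)i;
    return -1;
}

/* Constructed SYN counts per interval: one short burst vs. a sustained flood. */
static const unsigned long NORMAL[] = {98, 105, 110, 95, 160, 102, 99, 104};
static const unsigned long FLOOD[]  = {98, 105, 110, 95, 400, 900, 1500, 1600};

int main(void) {
    printf("normal: %d\n", first_alarm(NORMAL, 8, 100.0));
    printf("flood:  %d\n", first_alarm(FLOOD, 8, 100.0));
    return 0;
}
```

The single burst of 160 in the first series decays back to zero without an alarm, while the sustained growth in the second crosses the threshold on its second abnormal interval.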