Network traffic is the main carrier of the information that records and reflects the network, and it is connected with almost every network-related behavior, so the analysis of traffic is significant. However, current applications of network traffic analysis mostly emphasize real-time query and statistics, and the data they analyze is confined to the original state of the traffic; deeper analysis would introduce delay, contrary to the real-time principle. This makes it harder for network administrators to obtain deeper information and so to know the state of the network in a timely and precise way.

In view of these circumstances, this thesis proposes taking the distribution of traffic as the object of analysis. With this idea as the point of entry, network traffic analysis is studied in depth. The main work is outlined as follows:

1. A set of methods for describing the state of the traffic distribution is constructed on the basis of information entropy theory. It uses the distribution of traffic across the lower-layer network junction points to describe the traffic information of the upper-layer junction points. The validity of the methods in describing the distribution characteristics of network traffic is verified by sequential analysis.
2. A modified clustering algorithm is designed on the basis of the hierarchical clustering and K-Means algorithms. To address the inadequacies of both classical algorithms, the modified algorithm clusters dynamically according to the distribution characteristics of traffic. Experiments on a practical network verify that the algorithm can differentiate between the different states of traffic patterns.
3. A network traffic collection engine is designed and implemented on the SNMP framework. It uses the SNMP++ platform to collect traffic data for further analysis.
4. A prototype network traffic monitoring and analysis system based on the distribution characteristics is designed and implemented. By monitoring two kinds of data, the volume and the distribution of network traffic, it achieves a comprehensive analysis of the state of network traffic.

The analysis of network traffic is one of the most important parts of network security management. The method proposed in this thesis, network traffic analysis based on the distribution of traffic, monitors and analyzes traffic from a different perspective. The application of the technique also provides convenience and assistance for network administrators in analyzing and understanding the state of the network.
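The entropy idea in item 1, fed by counters of the kind the SNMP collector in item 3 would gather, can be sketched as follows. This is an added example, not code from the thesis: the abstract does not give its exact measure, so normalized Shannon entropy over per-interval octet deltas is an assumption, as are the function names, the Counter32 wrap handling and the sample counter values.

```python
import math

COUNTER32_MOD = 2 ** 32  # SNMP Counter32 values wrap at 2^32


def counter_delta(prev, curr, modulus=COUNTER32_MOD):
    """Octets seen between two polls, tolerating a single counter wrap."""
    return (curr - prev) % modulus


def normalized_entropy(volumes):
    """Shannon entropy of the traffic shares, scaled to [0, 1].

    0: all traffic sits on one lower-layer junction point.
    1: traffic is spread evenly over all of them.
    """
    total = sum(volumes)
    if total == 0 or len(volumes) < 2:
        return 0.0
    shares = [v / total for v in volumes if v > 0]
    h = -sum(p * math.log2(p) for p in shares)
    return h / math.log2(len(volumes))


def entropy_series(polls):
    """One entropy value per polling interval.

    polls: list of {junction_point: octet_counter} dicts, oldest first.
    """
    series = []
    for prev, curr in zip(polls, polls[1:]):
        points = sorted(set(prev) & set(curr))
        deltas = [counter_delta(prev[p], curr[p]) for p in points]
        series.append(normalized_entropy(deltas))
    return series


# Constructed sample: octet counters of four lower-layer junction points
# under one upper-layer point. "sw-d" wraps during the second interval.
SAMPLE_POLLS = [
    {"sw-a": 1_000, "sw-b": 5_000, "sw-c": 9_000, "sw-d": 4_294_966_000},
    {"sw-a": 2_000, "sw-b": 6_000, "sw-c": 10_000, "sw-d": 4_294_967_000},
    {"sw-a": 3_000, "sw-b": 7_000, "sw-c": 11_000, "sw-d": 704},
    {"sw-a": 5_000, "sw-b": 8_000, "sw-c": 12_000, "sw-d": 704},
    {"sw-a": 13_000, "sw-b": 8_000, "sw-c": 12_000, "sw-d": 704},
]

if __name__ == "__main__":
    for i, h in enumerate(entropy_series(SAMPLE_POLLS), start=1):
        print(f"interval {i}: normalized entropy = {h:.2f}")
```

In the sample the total volume barely changes while the entropy falls from an even spread to full concentration on one junction point, which is the kind of state change that a volume-only view does not show.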