Research On Network Behavior Analysis Based On Stream Data Clustering

Along with the rapid development of global information construction, various network applications have gone deeply into people's daily life and each domain of National Economy. With the popularization of the network technology, various ploblems have been increasing so continuously. Network security is more important than before. Network behavior analysis (NBA) has become an important method of network security protection, NBA can identify unusual attack in network traffic and users operate over authority. Traditional network safety production can not deal with zero-day attack and the network attacks come inside the Intranet, network behavior analysis can solve the problem effectively. Stream data mining especially suitable for network flow . stream data mining can improve the performance and the accuracy of network behavior analysis system.This thesis introduces and studies streaming data mining algorithm firstly,introduces the concept of various mining algorithm and research results. existing streaming data clustering algorithm unsuited to high dimensional streaming data or don't have the ability of processing the data with mixed data types, to solve this problem, in this paper, GTMS is proposed for clustering stream data, The algorithm is based on classical data stream clustering algorithm CluStream, GTMS can calculates the similarity of mixing data by using geometric adjacency and information gain found, to improve processing efficiency, grid and minimum spanning tree techniques is used. The algorithm has good clustering purity and execution seed for mixed data types.This thesis introduces the current research status and the technology features of network behavior analysis, studies the complementarity between NBA and traditional network security technology. And analyzes the requirement of the system's functionality and performance, on this basis, we proposed a systematic design of network behavior analysis based on streaming data clustering, adopt misuse detection and anomaly detection to make the system have ability in detecting unknown intrusion modes, and detect known attacks accurately, reduces the misapprehensive and transudatory rates.The algorithm has good clustering purity, GTMS has good efficiency with more stream data, the algorithm is suitable to the stream data with mixed data types. Test results in LAN show that the improved system have the function of anomaly detection .