While providing convenience for people, the Internet has also brought a variety of security risks: viruses, trojans, worms, hackers and other Internet hazards abound, bringing enormous challenges to national security and economic development. As a new technology in the field of network security, network security situational awareness (NSSA) is of great significance for enhancing network security. The accuracy and timeliness of a situational awareness system depend on the data source and the data fusion method used. Using flows as the data source, this thesis researched a data fusion method based on SNMP and NetFlow; improved the analysis technology for the status of network operation and security; and improved the accuracy, timeliness, and comprehensiveness of the situational awareness, which has effectively supported the research on NSSA.

Firstly, this thesis provides an analysis of the severe situation of network security, the research progress of NSSA and the present state of research in the related areas. It also elaborates on the principles of net flow technology (using NetFlow), as well as the advantages and disadvantages of using NetFlow as the data source.

Secondly, in view of NetFlow's defects in the acquisition of interface and performance data, this thesis provides a net flow data fusion method based on SNMP and NetFlow, and improves the classic Apriori algorithm, according to the system's features, to come up with a depth-first DAP association rule mining algorithm.

Thirdly, to expand the content of NSSA, this thesis divides the network security situation into two parts: network operation status and network security status. Together with the fusion method above, it also designs and implements a fusion and analysis system of flows for NSSA based on SNMP and NetFlow.

Additionally, this thesis provides a priori network security event generation method based on the normal status of the network. Together with the posteriori method usually used (a method based on abnormal features), it can protect network security comprehensively.

Finally, experimental results prove the validity of the methods and system mentioned in this thesis.