| Based on the analysis of network data package content, it represents the network behavior in order to design the network behavior analysis system. Although, it is able to extract the feature of network data to match the local-known abnormal feature library, the consequence depends entirely on the capacity of abnormal feature library. It results in the limitation of matching capability. In order to tackle this issue, it is optimistic to use automatic identification technology to research the network behavior.Network anomaly behavior automatic identification system is an integrated recognition system which utilize of Information Security Technology and Network Communication Technology. The research content shows below:This paper illustrates to design an automatic identification system for testing the network anomaly behavior based on network data package content. The system capture and extract the feature of network data package, then match and analyze the behavior of network data package, finally proposed an improved K-means algorithm and make use of the SVM classification method, which could analyze the new unknown abnormal behavior and put the behavior into the anomaly library updating.Eventually, through the comprehensive test, the results entirely verified the accuracy of paper’s algorithm proposed. Our automatic identification system network could recognize more than 200 strings of abnormal data, and the recognition rate could reach 95% or more, which improved the matching ability; the improved K-means algorithm could do theoretical test for UCL data, and the consequence proves that the method uses less time in classification of clustering and reveals more accuracy. |
PDF Full Text Request