| With the rising of the development of the next generation network transformation, the network security entered a new era. The Internet is filled with the unwanted traffic, which generated by virus, Trojans, Hacking or other threats. These threats are endangering the users, and are damaging the whole availability of the Internet. Backbone traffic detecting and protecting is an important matter to handle these involute problems. The method, traffic behavior analysing by Deep/Dynamic Flow Inspection based IP flows, is a common and an effective method facing the Big Data from the backbone.The research discussed about the definition of unwanted traffic, and then talked about detecting unwanted traffic based the Hot Host Event and the detecting of unwanted traffic from WEB servers. Both of them used the DFI method.First the Hot Host Events were classified into different behaviors. Unsupervised Classification was used to exact properties from IP flows and clustering Hot Host Events to different types. Then unwanted traffic could be detected from them. This method was implemented in the real network environment.A lot of UDP DRDoS events were found from the Hot Host Events. An algorithm model was raised for it. The algorithm took the Chargen protocol as an example.Finally, this research described the traffic behavior of WEB servers into different types including port abnormal, traffic abnormal, WEB scans and so on. A feature matching algorithm was used to detecting unwanted traffic from them. |
PDF Full Text Request