A Research On Characterization And Identification Of End Targets Based On Flow Behavior Analysis

With the increasing expansion of the Internet,how to monitor network traffic and users’ behavior,so as to build a civilized,healthy,reliable and stable network environment,has gradually attracted the attention of the researchers.Therefore,the characterization and identification of different people(that is,the end target)has become a focus of the current research.However,recent researches are limited to the classification of network flow based on flow behavior,and the researches of the characterization and identification of end targets are relatively small.For the above research status of the characterization and identification of end targets,an analysis method based on the service classification is proposed in this thesis.Firstly,by classifying the network traffic according to different service type and applying the result to the extraction and selection of the features of the flow behavior,the characterization of end hosts is obtained.Then the machine learning method and community detection algorithm are introduced.Finally,the identification of end hosts becomes possible and good results can be achieved.The main work is as follows:(1)For the identification of individual end target,this thesis proposes a classification method based on machine learning,which is used to identify a particular end target by analyzing the known flow behavior.Firstly,by classifying the network traffic according to 24 service types defined,the traffic matrix is conducted.Then by analyzing the original data packets and computing related features of flow behavior,a set of features which are used to characterize an end target is obtained after feature selection.Therefore,today’s traffic data is converted to a sample which can be used to characterize the end target.As enough sample data is collected,the sample data which is used by machine learning is obtained.After manual marking on the sample data,C4.5decision tree is used to train and test the sample data.Finally,good result is achieved.(2)For behavior similarity between individual end targets,that is,finding potential community groups in the network,this thesis proposed a community detection algorithm based on flow behavior analysis.Because of the need to measure the behavior similarity between end targets,this thesis uses Dice similarity to compute the similarity of flow behavior,as well as uses cosine similarity to compute the similarity of services.As a result,two similarity matrices are obtained.Finally,community detectionalgorithm is used to find the division of community structure based on flow behavior and services respectively.The combination of these two results is taken into consideration as the final result of community structure detecting.