Abnormal Traffic Identification Study With Firewall Based On Spark Framework

Abnormal traffic identification plays an extremely important role in the field of network security.However,with the continuous development of network transmission technologies and ICT technologies,the bandwidth of data center continues to increase,and traditional traffic identification technology has been difficult to quickly and accurately identify abnormal traffic from a large amount of network real-time data.Many new technologies such as virtualization,TRILL,VXLAN,and SDN have changed the traffic model and traffic characteristics between servers in the intranet.The method of identifying traffic by matching past traffic characteristics is no longer accurate.At present,traffic identification faces two major problems.One is that the number of samples to be detected is too large to cause long time for data analysis;the other is that the application of various network technologies has shown a great variety of traffic characteristics,and the past traffic identification methods are hardly effective.How to quickly and accurately discover abnormal traffic in a large-scale network and effectively block abnormal traffic in a timely manner is a very significant research direction.In traditional traffic identification methods,machine learning can train abnormal traffic samples to obtain a classification model that can identify traffic.When the training set has a large scale,the relative training time is also longer,and the results are too late for network security protection.In addition,the accuracy of abnormal traffic identification based on machine learning is also heavily dependent on the training set,the test set,and the training algorithm.Combining the big data computing framework Spark,neural network algorithm and Linux firewall,this paper proposes a network security protection architecture that can quickly identify and block abnormal traffic,and explains the related technology and theoretical process of data acquisition,storage,calculation,identification and protection of the architecture,and experimentally proved the feasibility of the architecture.