Research And Implementation Of Network Traffic Anomaly Detection System

The rapid development of information technology has made computer networks play an important role in various fields,the demand and dependence of users on the Internet is gradually increasing.At the same time,network attacks are showing a diversified trend,the number of malicious attacks on the network is also increasing.Abnormal network behavior is usually manifested in the corresponding network traffic.Therefore,it is possible to determine whether there is malicious behavior in the network by analyzing the network traffic.This paper uses the prediction-classification structure to complete the detection of abnormal network traffic,proposes the corresponding network traffic prediction method and time series classification method,and builds a complete abnormal network traffic detection prototype system.The main research work and results of this paper include the following:First,a traffic forecast method based on neural network and autoregressive model is proposed.There are temporal characteristics and spatial correlations in real network traffic,and the short-term and long-term repetitive patterns in the traffic sequence will cause trends and periodicity in the data.These contents are not considered in the existing network traffic forecasting schemes,which affects Forecast accuracy.This paper proposes a traffic prediction model based on neural networks and autoregressive models.The model is divided into two parts: linear and non-linear components.The linear and non-linear data in the traffic are processed separately,and the result of two components are combined to get the final prediction result.Simulation experiment results show that the classification accuracy of the proposed method is higher than that of the comparison model,which can effectively improve the accuracy of network traffic prediction.Secondly,in response to the increasing demand for high scalability and high realtime performance in time series classification tasks,a time series classification method based on wavelet noise reduction and hybrid bag-of-words model is proposed.The feature generation and feature selection of time series are completed by using supervised symbolic representation and hybrid bag-of-words model to reduce the dimensionality of the feature space,and select the most discriminative features,finally low-time complexity logistic regression is used for classification.Features with high discrimination can improve the accuracy of classification,while low-dimensional feature spaces and logistic regression algorithms reduce the running time of the model.The simulation experiment proves that compared with the comparison model,the proposed model not only improves the classification accuracy,but also effectively ensures the real-time performance.Finally,based on the above two network traffic prediction and classification methods,combined with the design of a network traffic collection system,a prototype system for network abnormal traffic detection is designed and implemented,and its performance is tested with actual network traffic data.The system consists of four subsystems: network traffic collection and preprocessing,network traffic prediction,abnormal traffic classification,and WEB visualization management.Each subsystem is composed of two functional modules.The prototype system can collect target network traffic,process it and judge the traffic type through the prediction and classification subsystem,and display the malicious traffic in the anomaly analysis module.At the same time,the system supports traffic viewing and analysis of individual traffic characteristics.