Shanghai Jiao Tong University Master's Thesis
Design and Implementation of a Linux-Based Traffic Statistics and Anomaly Detection System
Name: 辛茗庭
Degree applied for: Master's
Major: Computer Technology
Supervisors: 夏雨人; 史晓敏
2008-07-01

Shanghai Jiao Tong University Master of Engineering Thesis

ABSTRACT

Design and Realization of Traffic Statistics and Anomaly Detecting System based on Linux

The goal of this paper is to design and implement a traffic statistics and anomaly detection system based on Linux. Traffic statistics and anomaly detection technology based on NetFlow has wide application prospects. This paper is based on a practical project and focuses on several aspects of NetFlow, such as generation, output, collection, statistics and anomaly detection. It carries out thorough research on these aspects and puts forward improvements to the output model and to parameter optimization.

On NetFlow generation and collection, the principles and data formats are understood by analyzing the source code of nProbe and SiLK. The specific file storage structure of SiLK is discussed in this paper.

On NetFlow statistics, this paper introduces the principle and composition of SiLK, as well as its main analysis tools, such as rwfilter, rwtotal and rwcount, in detail. The statistical results of rwfilter can only be exported to a file, a named pipe or standard output, which increases the risk of error and affects the efficiency of the implementation. After modifying the source code of SiLK, the problem has been well solved.

On NetFlow anomaly detection, the background and the methods used are explained. A fine-grained monitoring policy on abnormal protocols and ports is determined by comparing a variety of anomaly monitoring methods. In the monitoring model, the optimization of parameters determines the accuracy of anomaly detection warnings, thus the system mainly optimizes the parameters of the monitoring model.

The paper presents the hardware operating environment and software components of the system, together with the design and implementation of its function models and flowcharts. A small-scale testing environment is constructed to test the methods in this paper. The system has been applied in a small network environment, where it can detect DoS, DDoS, worms and other attacking packets quickly and effectively. The research on methods of anomalous flow monitoring may be helpful to future work.

Keywords: NetFlow, nProbe, SiLK, traffic statistics,