Identification and Management of Abnormal Campus Network Traffic Based on OpenFlow
Published: 2019-03-27 18:32
[Abstract]: With the rapid development of Internet technology, network traffic is becoming increasingly diverse, and the requirements for reliability, real-time performance and security of network transmission keep rising. The abnormal-traffic attacks that have come with this pose a serious potential threat to people's lives and affect the normal operation of the Internet. The harm abnormal traffic does to a network shows in two respects: first, it occupies a large amount of network resources, including network devices such as switches; second, it causes network congestion, which increases packet delay, produces packet loss, and can even leave the network paralysed and unusable. Detection and identification of abnormal network traffic has therefore become a key research topic.
This thesis uses OpenFlow, currently the most popular network model, to identify and manage abnormal traffic in a campus network environment. Building on a study of abnormal traffic detection and identification and on a summary of previous work, it implements an abnormal traffic identification and management system on the OpenFlow platform. The work and its innovations comprise three modules for handling abnormal traffic: a traffic collection and sampling module, an abnormal traffic identification module, and an abnormal traffic control module.
(1) The traffic sampling module samples traffic on the OpenFlow platform. Traffic collection nodes are installed on the OpenFlow switches, and an adaptive dynamic sampling algorithm is used to capture and count packets that have passed through the flow table lookup, with basic filtering and protocol analysis. The collected data serve as the training data set: the data are split into streams to pre-process the traffic, clustered by network traffic protocol, and corresponding IP groups are established; at the same time a training sample data set is generated, attribute analysis is performed on it, the training samples are used to produce cluster data, and the clustered data are labelled.
(2) The abnormal traffic detection and identification module takes the collected data set as its granularity of analysis. It applies data mining techniques and algorithms to partition the data records and to find the relationships among them and the implicit, useful patterns and rules, dividing them into a normal behaviour library and an abnormal behaviour library. Pattern analysis is then performed on the abnormal behaviour library; filtering rules are set in the OpenFlow controller, and abnormal traffic is identified by matching the abnormal behaviour library against the filtering rules. The data mining algorithm used is K-means, which is scalable and efficient for large-volume traffic computation and can reach a local optimum.
(3) The abnormal traffic control module mainly covers how to customise filtering rules and generate a decision tree, the classification and handling of abnormal packets, protocol structure analysis, and information feedback.
Finally, an experimental simulation platform was built with the Mininet emulator and Floodlight, and the correctness and feasibility of the model designed in this thesis were verified by simulating traffic transmission and reception and simulating network attacks.
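[Degree-granting institution]: Dalian University of Technology
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.18
Article ID: 2448444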
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2448444.html