Netinfo Security (信息网络安全) ›› 2014, Vol. 14 ›› Issue (9): 1-5. doi: 10.3969/j.issn.1671-1122.2014.09.001

• Outstanding Papers •

Research on a Real-time Cloud Monitoring Platform for Abnormal Traffic in Large-scale Networks

LI Tian-feng (李天枫) 1, 2, 3, YAO Xin (姚欣) 1, 2, 3, WANG Jin-song (王劲松) 1, 2, 3

  1. School of Computer and Communication Engineering, Tianjin University of Technology, Tianjin 300384, China;
  2. National Engineering Laboratory for Computer Virus Prevention and Control Technology, Tianjin 300457, China;
  3. Tianjin Key Laboratory for Intelligent Computing and Novel Software Technology, Tianjin 300384, China
  • Received: 2014-08-06 Published online: 2014-09-01
  • Author biographies: LI Tian-feng (1989-), male, from Tianjin, master's student; research interests: computer networks, information security. YAO Xin (1989-), male, from Chongqing, master's student; research interests: computer networks, information security. WANG Jin-song (1970-), male, from Tianjin, professor, Ph.D.; research interests: computer networks, information security, Internet technology, cloud computing.
  • Funding:
    National Natural Science Foundation of China [61272450]

Cloud Platform based Real-time Monitoring of the Abnormal Traffic in Massive-scale Network

LI Tian-feng1, 2, 3, YAO Xin1, 2, 3, WANG Jin-song1, 2, 3   

  1. School of Computer and Communication Engineering, Tianjin University of Technology, Tianjin 300384, China;
  2. National Engineering Laboratory for Computer Virus Prevention and Control Technology, Tianjin 300457, China;
  3. Tianjin Key Laboratory for Computational Intelligence and Novel Software Technology, Tianjin 300384, China
  • Received: 2014-08-06 Online: 2014-09-01

Abstract (translated from the Chinese): Network security problems are becoming increasingly concealed, attacks more persistent, and their damage wider-reaching. A single or small number of data sources can hardly reveal the more concealed abnormal events, and at the same time some intrusion-detection algorithms based on data mining, neural networks, association rules and decision classification, owing to the nature of the algorithms themselves, hit a computational bottleneck on large-scale data. This paper proposes a system architecture, built on a big data platform, for real-time monitoring of abnormal traffic in large-scale networks, and discusses its key technologies and methods. The platform combines offline batch computing with real-time stream processing and, by analyzing network security big data such as traffic and logs, achieves real-time monitoring of abnormal traffic such as DDoS, worms, scanning and password probing.

Key words (translated from the Chinese): network abnormal traffic, cloud monitoring, large-scale network, network security big data

Abstract: Network security problems are becoming increasingly concealed, more persistent, and wider-reaching in their damage. A single or a few data sources can hardly reveal the more concealed abnormal network events. Meanwhile, when faced with huge-scale data, methods such as data mining, classification, neural networks, association rules and decision algorithms still hit a bottleneck in computing power because of the nature of the algorithms themselves. Based on a big data platform, this article puts forward a real-time monitoring system architecture to detect abnormal traffic in massive-scale networks, and discusses the key technologies and methods. The platform combines offline batch computing and real-time stream processing in one architecture. Through analysis of traffic, security logs and other large data sources, it monitors the network continuously and detects abnormal traffic in real time, such as DDoS attacks, worms, scanning, and password probing.

Key words: network abnormal traffic, cloud computing detection, massive-scale network, big data of network security
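The abstract names the classes of abnormal traffic the platform is meant to flag in its streaming stage (scanning, password probing, DDoS) but, being an abstract, gives no concrete detection logic. The following Python block is an added example, not code from the paper or its authors: a minimal sliding-window stream detector run over a constructed mix of NetFlow-style records and failed-login events. The record formats, the 60-second window and the three thresholds are assumptions chosen for illustration; a real deployment would tune them per network and would typically learn baselines in the offline batch stage the abstract mentions.

```python
"""Added example (not from the paper): sliding-window stream detection of
scanning, password probing and DDoS over constructed flow and auth-log records.
Formats and thresholds are assumptions, not values from the paper."""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Tuple

# Assumed thresholds (the paper gives none; tune per network).
WINDOW_S = 60          # sliding window length in seconds
SCAN_DISTINCT = 20     # distinct (dst, dport) targets per source before alerting
PROBE_FAILURES = 10    # failed logins per source before alerting
DDOS_SOURCES = 50      # distinct sources hitting one destination before alerting


@dataclass(frozen=True)
class Flow:
    """One NetFlow-style record (constructed format)."""
    ts: float
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class AuthFail:
    """One failed-login event parsed from an auth log (constructed format)."""
    ts: float
    src: str
    dst: str


class SlidingWindow:
    """Per-key sliding window of (timestamp, value); reports distinct values."""

    def __init__(self, window_s: float) -> None:
        self.window_s = window_s
        self._events: Dict[str, Deque[Tuple[float, object]]] = defaultdict(deque)

    def add(self, key: str, ts: float, value: object) -> int:
        dq = self._events[key]
        dq.append((ts, value))
        # Expire events older than the window; the stream is assumed time-ordered.
        while dq and dq[0][0] < ts - self.window_s:
            dq.popleft()
        return len({v for _, v in dq})


class StreamDetector:
    """Raises one alert per (kind, key) the first time a threshold is crossed."""

    def __init__(self) -> None:
        self.scan = SlidingWindow(WINDOW_S)   # src -> distinct (dst, dport)
        self.probe = SlidingWindow(WINDOW_S)  # src -> one token per failure
        self.ddos = SlidingWindow(WINDOW_S)   # dst -> distinct src
        self._fired = set()
        self._seq = 0

    def _alert(self, kind: str, key: str, count: int, alerts: list) -> None:
        if (kind, key) not in self._fired:
            self._fired.add((kind, key))
            alerts.append((kind, key, count))

    def feed(self, ev) -> List[Tuple[str, str, int]]:
        alerts: list = []
        if isinstance(ev, Flow):
            n = self.scan.add(ev.src, ev.ts, (ev.dst, ev.dport))
            if n >= SCAN_DISTINCT:
                self._alert("scan", ev.src, n, alerts)
            m = self.ddos.add(ev.dst, ev.ts, ev.src)
            if m >= DDOS_SOURCES:
                self._alert("ddos", ev.dst, m, alerts)
        elif isinstance(ev, AuthFail):
            self._seq += 1  # unique token so every failure counts as distinct
            k = self.probe.add(ev.src, ev.ts, self._seq)
            if k >= PROBE_FAILURES:
                self._alert("password_probe", ev.src, k, alerts)
        return alerts


def run(events) -> List[Tuple[str, str, int]]:
    """Feed a time-ordered event stream and return every alert raised."""
    det = StreamDetector()
    out: list = []
    for ev in sorted(events, key=lambda e: e.ts):
        out.extend(det.feed(ev))
    return out


def sample_stream() -> list:
    """Constructed sample: benign noise, one port scan, one brute-forcer, one flood."""
    ev: list = []
    for i in range(30):  # benign client alternating between two services
        ev.append(Flow(i * 2.0, "10.0.0.5", "10.0.1.10", 443 if i % 2 else 80))
    for p in range(25):  # port scan: 25 ports on one host inside 10 s
        ev.append(Flow(100.0 + p * 0.4, "203.0.113.7", "10.0.1.20", 1 + p))
    for i in range(12):  # password probing: 12 failed logins inside 30 s
        ev.append(AuthFail(200.0 + i * 2.5, "198.51.100.9", "10.0.1.30"))
    for i in range(60):  # flood: 60 distinct sources on one server inside 5 s
        ev.append(Flow(300.0 + i * 0.08, f"192.0.2.{i + 1}", "10.0.1.40", 80))
    for i in range(12):  # slow failures 100 s apart: never 10 in one window, no alert
        ev.append(AuthFail(1000.0 + i * 100.0, "198.51.100.77", "10.0.1.30"))
    return ev


if __name__ == "__main__":
    for kind, key, count in run(sample_stream()):
        print(f"{kind:15s} {key:15s} count={count}")
```

Each detector keys its window on the entity the abstract's traffic class is about (the source for scans and probing, the destination for floods), which is what makes the logic shard naturally across stream-processing workers; the slow-probe case in the sample shows the main limitation of a fixed window, which is why the offline batch stage is still needed for low-and-slow behaviour.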