Abstract: Concealment of the network security problems appear increasingly strengthen, more durable, lethality spread more widely. A single or a few data sources is difficult to find more concealed abnormal network events. Meaning while, facing the huge-scale data some methods such as data mining, classification, neural network, association rules, decision algorism, as the reason itself, are still existing the bottlenecks in the computing power. Base on the big data platform, the article puts forward a real-time monitoring system architecture to detect the abnormal traffic in the massive network. The article discusses the key technologies and methods. The platform build up an architecture combining the offline batch computing and real-time streaming processing together. Through the analysis of the flow rate, security logs and other large source data, it implements to monitor the network at instance and detect the abnormal flow in real-time, such as DDoS attack, worms, scanning, and password probe.

Key words: network abnormal traffil, cloud computing detection, massive-scale network, big data of network security