Research on Methods for Detecting and Classifying Malicious Network Traffic

Abstract: The classification and detection of abnormal network traffic is an important technology in network operation and maintenance management. It has therefore attracted extensive attention from network security researchers, who have proposed feasible classification and detection methods for abnormal traffic. In recent years, worsening network security incidents have driven continuous progress in abnormal traffic classification and detection, and new technologies have been proposed continuously. However, as networks of ever larger scale and ever more complex topology are built and put into use, the traditional abnormal traffic detection methods based on ports or on traffic feature statistics can no longer withstand the impact of super-large traffic data flows, nor can they meet current real-time detection requirements in terms of time complexity. The main time consumption of abnormal traffic detection is concentrated in the preprocessing of network traffic data and the establishment of rule sets. The key to solving the bottleneck of large-scale abnormal traffic classification and detection therefore lies in data preprocessing and the establishment of rule sets. On the basis of studying granularity representation, the extraction of characteristic parameters of abnormal network traffic, and big data technology, a classification and detection method for abnormal network traffic based on behavior analysis is proposed. This method combines machine learning algorithms and big data processing tools on the basis of network traffic behavior analysis, and effectively reduces the time the detection algorithm spends on data preprocessing and rule set establishment while ensuring real-time detection. The simulation results show that the method not only performs well in the classification and detection of abnormal network traffic, but also has the ability to collect unknown attacks, which can effectively ensure the smooth and normal operation of the network.

Key words: behavior analysis, malicious traffic detection, big data