网络异常流量智能感知模型构建

Establishment of Intelligent Perception Model of Abnormal Network Traffic

为了实现网络流量特征的高效、准确检测,保障信息系统安全可靠运行,提出一种网络异常流量智能感知模型。分析了传统网络异常流量检测方法的局限性,研判了流量检测、风险评估等方面的关键技术,提出了由流量采集和甄别、数据清洗、数据管理、威胁分析和评估应用五大模块构成的智能感知模型,并形成流式建模设计。以网络流量数据统计为基础,保证模型可以应对各种来源数据的采集和分析任务;完备的数据清洗能力能够对多种设备产生的数据进行汇聚和关键性标注;高可靠的数据管理体系能够保障海量数据得以安全存储和及时计算;充分的威胁分析手段支撑了对异常数据的持续检测预警,识别出隐藏在数据背后的攻击事件并得到充分的刻画、追踪;细粒度的评估应用能力保证了风险态势评估、攻击告警响应和智能感知的实现和迭代更新。该模型全方位地实现了网络异常数据的智能感知,具有较强的稳定性、安全性、持续性,为网络安全管理提供了一定的参考依据。

In order to realize the efficient and accurate detection of network traffic characteristics and ensure the safe and reliable operation of the information system,an intelligent perception model of abnormal network traffic is proposed.The limitations of detection methods for abnormal traditional network traffic are analyzed,key technologies in terms of traffic detection and risk assessment is investigated,an intelligent perception model with 5 modules,i.e.traffic acquisition&distinguishment,data cleansing,data management,threat analysis and evaluation application is proposed,and a flow modeling design is formed.Based on the network traffic data statistics,models can guarantee data collection and analysis tasks from a variety of sources.Full data cleaning capabilities allow aggregating and labeling important data generated by multiple devices.A reliable data management system can guarantee a large amount of data to be safely stored and calculated in time.Sufficient threat analysis methods support continuous detection and early warning of anomalous data,allowing recognizing,fully characterizing and tracking attack events hidden behind the data.A fine-grained assessment and application capabilities guarantee the realization and iterative update on the risk situation assessment,attack alarm response and intelligent recognition.Such a model fully realizes intelligent recognition of abnormal network data,with strong stability,security,and continuity,providing a specific reference infrastructure for network security management.