
An Anomaly Analysis System Based on Fusion of NetFlow and sFlow

Abstract

To address the incomplete data coverage that results from relying on a single protocol, and the problem of analyzing the normal state of the network, this dissertation first analyzes the data formats and functions of the NetFlow and sFlow protocols. Combining the characteristics of the two protocols, it proposes a fusion method based on NetFlow and sFlow protocol fields, and experiments comparing it with methods based on a single protocol verify the advantages of the fusion method. Second, based on an analysis of the characteristics of network anomalies and a study of anomaly detection methods based on network flow, and taking into account the characteristics of the fused network flow data, it proposes an anomaly detection method based on the fusion of NetFlow and sFlow network flows. Drawing on the characteristics of network flow anomaly detection methods, the proposed method monitors the normal state of the network and detects anomalies by class, so that the current network is monitored automatically and effectively. Finally, the dissertation analyzes the functions of the anomaly detection system based on NetFlow and sFlow, studies its structure, and designs and implements each module. The system is then deployed on an experimental network to verify the function and advantages of each module.

Authors: Wang Huiqiang, Guo Fangfang, Li Bingyang, Chen Xin, Xiu Longting

Subject areas: Communications; Wireless communications

Keywords: Network flow; Protocol field fusion; Anomaly detection; Network security

Wang Huiqiang, Guo Fangfang, Li Bingyang, Chen Xin, Xiu Longting. An Anomaly Analysis System Based on Fusion of NetFlow and sFlow [EB/OL]. (2013-12-13) [2025-08-16]. http://www.paper.edu.cn/releasepaper/content/201312-330.
