A SCALABLE NETWORK THREAT WARING SYSTEM ARCHITECTURE OF THE PLATFORM.pdf

A SCALABLE NETWORK THREAT WARING SYSTEM ARCHITECTURE OF THE PLATFORM Zhang Lijuan Electronic and communication engineering, Shenzhen Polytechnic， china 518055 Keywords: network monitoring data anomaly detection of network threat warning Abstract: in this paper, based on the SOA design of a large-scale network monitoring data for anomaly detection and alarm system architecture, focusing on the anomaly detection model and network threat early warning model to do an in-depth study and analysis. 1． Introduction With the construction of IT system continue to expand the scale and the rapid popularization of Internet, the security of IT system management becomes more and more complex. Network traffic anomaly monitoring is an important part of IT network monitoring, the anomaly traffic detection and analysis, the user can timely discover network abnormal, so as to take effective measures to solve the. The current network traffic monitoring using flow threshold approach, namely the network administrator to set the system flow rate threshold, when the flow exceeds the threshold is generated when the threat warning. Such a system alarm depends entirely on the threshold level, the probability of false alarm is very large. Therefore, more effective network traffic anomaly detection model for system security management is very necessary. According to enterprise internal network to recommend a set of effective and targeted network traffic anomaly detection model, this model can effectively detect the internal abnormal condition. 2． the overall plan and architecture Network threat warning platform is based on an SOA network threat monitoring data computing system, as shown in figure. Monitoring data is computed for each of the activities are regarded as a Web service, Web service provides data preprocessing, data association analysis, visual analysis and security screening function; based on user needs, can be dynamically based on WEB servic