关键词: 网络流, 流量采集, 信息熵, 异常流量, 流量可视化, 流量监测系统

Abstract: Through the analysis of network traffic, the network condition reflecting, abnormal behavior mining, network security situation awareness are enabled. Large scale network flow has mass data and wide range dimensions. Aiming at these features, in order to monitor network running situation and abnormity and improve the users’ awareness experience, this paper puts forward a kind of quasi real time flow reporting mechanism, designs a flow monitoring system based on 3D visualization, and combines with the flow abnormity mining method based on information entropy, through manual monitor and data mining, realizes abnormal flow visualization monitoring. It presents the monitoring system design scheme and implementation results, resolves the hard problem of network flow visualization, puts forward a kind of traffic situation scheme which is more intuitive, improves the users’ network situation awareness capability.

Key words: netflow, traffic collection, information entropy, abnormal flow, flow visualization, traffic monitor system