摘要： 传统的入侵检测系统通常需要对攻击预先了解，在流量分析和异常检测方面存在不足。该文提出一种新的基于流的统计分析模型，通过构建网络的行为特征库，实时监测和发现网络异常，基于该分析技术设计和实现了一个网络监控系统原型。该原型可以监测和发现网络中可疑代码，并进行实时跟踪。

关键词: 网络监控, 网络行为, 行为分析

Abstract: Traditional Intrusion Detection Systems(IDSs) requires prior knowledge of attacks, loses effectiveness in flow analysis and abnormity detection. This paper proposes a new flow-based network behavior analysis model, which monitors and detects abnormity of network by building up a network behavior features base for each host. Based on this technology, a network monitor prototype system is designed and implemented. The system can detect malicious codes and track them in real time.

Key words: network monitor, network behavior, behavior analysis

中图分类号: 

• TP393