Journal of Computer Applications (计算机应用), 2008
Blood examination-based network traffic analysis framework
Abstract:
The network information stream, like blood in the human body, can function as an indicator of security and health status. Fluctuations in its ingredients probably indicate changes in, or potential threats to, the security and stability of the whole system. The mechanism of blood examination used in medical diagnosis was employed to help analyze the security status of a network, and a blood-examination-based network traffic analysis framework (BETA) was presented. First, the target system for traffic analysis was set up based on the Hurst exponent and typical traffic packets. Second, the design of the knowledge base for BETA was given, and the knowledge representation was described. After that, the implementation of the traffic analysis engine was explained, and the steps of the Prerequisite-Generation Algorithm (PGA) and the Diagnosis Algorithm (DA) were given in detail to realize the diagnosis of network security. Finally, the architecture of BETA and some implementation details were described.