中文摘要 本研究透過以思科路由器之網路資訊流(Netflow)做為網際網路訊務資料分析的一種方式,並以建立系統雛型法(System Prototyping)的方式,於實際的網際網路環境中收集網路的存取資訊。我們產用Perl 將Netflow 資料收集並轉存於關連式資料庫中,同時利用分析模組將欲分析的統計資料(如Top-N, Protocol Distribution… etc),或使用模式(Access Pattern)或來偵測異常的連線模式(如Network Abuse,Virus Attack…etc)。 本篇研究最主要的貢獻在:提出一個經實際驗証的系統雛型,足已承受及提供大量網路流量分析,以供找出網路主要的使用模式並偵測異常狀況。本研究結果將有助於區域網路的管理和提高使用區域網路服務之使用者滿意度。
Abstract This study focuses on analysis Internet Traffic using Netflow technology, which is proposed by CISCO®. We developed a prototyping system and deployed it in an ISP environment to collect the Netflow data from the edge router of the ISP networks. We use PERL to develop the collector module to receive the flow record, and transform the data into relational database. Also, we developed various modules for generating statistically report (eg. Top-N reports, Protocol distribution reports… etc); or generating access pattern report to analysis and alarm any network resource abuse or any kind of virus attack. The major contributions of this study are on providing an methodology and prototyping system which is alive in heaving traffic volume ISP network environment; and using this system to analysis the access patterm and detect network alarm. The results can be used for better managing regional network in order to improve user satification in using regional network netwrok services