基于端口号进行网络流量分析的Netflow技术无法准确地回答网络流分别由哪些应用协议组成及其比例等问题,也不能提供web用户行为数据来反映用户对大多数网站的访问情况。为改进上述缺陷,提出一种增强的Netflow数据采集系统。结合flow和深度包检测技术进行精确的应用协议识别,对web用户行为数据进行采集与动态存储,为网络流量监测与分析提供全面的数据支撑,设计并实现该系统,验证了其有效性和可行性。%Port-based traffic identification that employed in Netflow technique for protocol analysis fails to answer the composi-tion and proportion of the traffic accurately,meanwhile,details can not be adequately provided for analysis of most site access be-havior.To overcome above defects,an enhanced Netflow data collection method was proposed.Flow and deep packet inspection technique were combined for accurate application identification,the site access behavior data were collected and stored dynamical-ly,which laid a comprehensive data foundation for traffic analysis.Finally,the feasibility and effectiveness of the system were verified.
展开▼