Large-data-flow-based network traffic abnormality detection system and method

The invention discloses a large-data-flow-based network traffic abnormality detection system and method. The method comprises the following steps: acquiring network packet information from network equipment in real time and in a distributed manner; transmitting the network packet information in real time to a distributed flow processing platform for network data analysis, feature matching and access counting; and storing the analyzed and detected network data in a large data platform according to its abnormal status, so that the network data can be used for clustering analysis and classification training and the network data protocol characteristic library can be updated dynamically. With this system and method, real-time detection is achieved through a distributed flow-type processing mechanism, and the distributed storage and the data calculation and analysis capability of the large data platform allow the network data to be stored in a distributed manner and the network data protocol characteristic library to be trained more accurately.
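The stages described above (feature matching, access counting, storage by abnormal status, characteristic-library update) can be sketched for a single worker as follows. This is an added example, not code from the patent; the prefix-based library, the window and limit values, the prefix-frequency stand-in for clustering, and all names and sample packets are assumptions.

```python
from collections import Counter, defaultdict, deque

# Assumed protocol characteristic library: protocol -> payload prefixes.
LIBRARY = {"http": (b"GET ", b"POST "), "ssh": (b"SSH-",), "tls": (b"\x16\x03",)}

class StreamDetector:
    """One worker of the stream stage: feature-match, count accesses, store."""

    def __init__(self, library, window=10.0, limit=3):
        self.library = dict(library)
        self.window, self.limit = window, limit      # assumed thresholds
        self.recent = defaultdict(deque)             # src -> timestamps in window
        self.store = {"normal": [], "abnormal": []}  # stand-in for platform storage

    def match(self, payload):
        for proto, prefixes in self.library.items():
            if payload.startswith(prefixes):
                return proto
        return None

    def process(self, pkt):
        ts, src, payload = pkt
        seen = self.recent[src]
        seen.append(ts)
        while seen[0] <= ts - self.window:           # expire accesses outside window
            seen.popleft()
        proto = self.match(payload)
        reasons = []
        if proto is None:
            reasons.append("unknown_protocol")
        if len(seen) > self.limit:
            reasons.append("access_rate")
        status = "abnormal" if reasons else "normal"
        self.store[status].append({"ts": ts, "src": src, "payload": payload,
                                   "protocol": proto, "reasons": reasons})
        return status

    def candidate_prefixes(self, size=4, min_support=2):
        """Crude stand-in for offline clustering: frequent unmatched prefixes."""
        counts = Counter(r["payload"][:size] for r in self.store["abnormal"]
                         if "unknown_protocol" in r["reasons"])
        return [p for p, n in counts.items() if n >= min_support]

    def learn(self, proto, prefix):
        """Library update, applied only after a candidate has been labelled."""
        self.library[proto] = self.library.get(proto, ()) + (prefix,)

# Constructed sample stream: (timestamp, source IP, payload bytes).
SAMPLE = [(0.0, "10.0.0.5", b"GET / HTTP/1.1"), (1.0, "10.0.0.9", b"XPRT\x01a"),
          (1.5, "10.0.0.5", b"GET /a"), (2.0, "10.0.0.5", b"GET /b"),
          (2.5, "10.0.0.5", b"GET /c"), (3.0, "10.0.0.9", b"XPRT\x01b")]

def run(stream):
    det = StreamDetector(LIBRARY)
    return det, [det.process(p) for p in stream]
```

Keeping `learn` separate from `candidate_prefixes` means stored abnormal traffic only proposes library entries; a labelling step decides whether a prefix is accepted, so traffic cannot add itself to the library.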