基于多元异构网络安全数据可视化融合分析方法

doi:10.11772/j.issn.1001-9081.2015.05.1379

计算机应用 ›› 2015, Vol. 35 ›› Issue (5): 1379-1384.DOI: 10.11772/j.issn.1001-9081.2015.05.1379

基于多元异构网络安全数据可视化融合分析方法

张胜^1,2, 施荣华¹, 赵颖¹

1. 中南大学信息科学与工程学院, 长沙 410083;
2. 湖南商学院现代教育技术中心, 长沙 410205

收稿日期:2014-12-05 修回日期:2015-01-12 出版日期:2015-05-10 发布日期:2015-05-14
通讯作者: 张胜
作者简介:张胜(1975-),男,湖南株洲人,博士研究生,CCF会员,主要研究方向:网络信息安全、计算机支持的协作学习、网络软件; 施荣华(1963-),男,湖南长沙人,教授,博士,主要研究方向:计算机通信保密、网络信息安全; 赵颖(1980-),男,湖南长沙人,讲师,博士,主要研究方向:信息可视化、可视分析.
基金资助:
国家自然科学基金资助项目(61402540).

Visual fusion and analysis for multivariate heterogeneous network security data

ZHANG Sheng^1,2, SHI Ronghua¹, ZHAO Ying¹

1. School of Information Science and Engineering, Central South University, Changsha Hunan 410083, China;
2. Modern Educational Technology Center, Hunan University of Commerce, Changsha Hunan 410205, China

Received:2014-12-05 Revised:2015-01-12 Online:2015-05-10 Published:2015-05-14

摘要/Abstract

摘要：

随着现代网络安全设备日益丰富,安全日志呈现多元异构趋势.针对日志数据量大、类型丰富、变化快等特点,提出了利用可视化方法来融合网络安全日志,感知网络安全态势.首先,选取了异构安全日志中有代表性的8个维度,分别采用信息熵、加权法、统计法等不同算法进行特征提取;然后,引入树图和符号标志从微观上挖掘网络安全细节,引入时间序列图从宏观展示网络运行趋势;最后,系统归纳图像特征,直观分析攻击模式.通过对VAST Challenge 2013竞赛数据进行分析,实验结果表明, 该方法在帮助网络分析人员感知网络安全态势、识别异常、发现攻击模式、去除误报等方面有较大的优势.

关键词: 网络安全可视化, 多元异构数据, 特征提取, 树图和符号标志, 时间序列图

Abstract:

With the growing richness of modern network security devices, network security logs show a trend of multiple heterogeneity. In order to solve the problem of large-scale, heterogeneous, rapid changing network logs, a visual method was proposed for fusing network security logs and understanding network security situation. Firstly, according to the eight selected characteristics of heterogeneous security logs, information entropy, weighted method and statistical method were used respectively to pre-process network characteristics. Secondly, treemap and glyph were used to dig into the security details from micro level, and time-series chart was used to show the development trend of the network from macro level. Finally, the system also created graphical features to visually analyze network attack patterns. By analyzing network security datasets from VAST Challenge 2013, the experimental results show substantial advantages of this proposal in understanding network security situation, identifying anomalies, discovering attack patterns and removing false positives, etc.

Key words: network security visualization, multiple heterogeneous data, feature extraction, treemap and glyph, time-series chart

中图分类号:

TP391

张胜, 施荣华, 赵颖. 基于多元异构网络安全数据可视化融合分析方法[J]. 计算机应用, 2015, 35(5): 1379-1384.

ZHANG Sheng, SHI Ronghua, ZHAO Ying. Visual fusion and analysis for multivariate heterogeneous network security data[J]. Journal of Computer Applications, 2015, 35(5): 1379-1384.

参考文献

[1] SHIRAVI H, SHIRAVI A, GHORBANI A. A survey of visualization systems for network security[J]. IEEE Transactions on Visualization and Computer Graphics, 2012, 18(8):1313-1329.
[2] FINK G A, MUESSIG P, NORTH C. Visual correlation of host processes and network traffic[C]// Proceedings of the 2005 IEEE Workshop on Visualization for Computer Security. Piscataway: IEEE, 2005:11-19.
[3] BOSCHETTI A, MUELDER C, SALGARELLI L, et al. TVi: a visual querying system for network monitoring and anomaly detection[C]// Proceedings of the 8th International Symposium on Visualization for Cyber Security. New York: ACM, 2011: 1-10.
[4] BRAUN L, VOLKE M, SCHLAMP J, et al. Flow-inspector: a framework for visualizing network flow data using current Web technologies[J]. Computing, 2014, 96(1): 15-26.
[5] SHIRAVI H, SHIRAV A, GHORBANI A. IDS alert visualization and monitoring through heuristic host selection[C]// Proceedings of the 12th International Conference on Information and Communications Security. Piscataway: IEEE, 2010: 445-458.
[6] ZHANG S, SHI R, ZHOU F. A visualization scheme based on radial panel in intrusion detection system[J]. Computer Engineering, 2014, 40(1): 16-19. (张胜, 施荣华, 周芳芳. 入侵检测系统中基于辐射状面板的可视化方法[J]. 计算机工程, 2014, 40(1): 15-19.)
[7] XI R, YUN X, JIN S, et al. Research survey of network security situation awarenss[J]. Journal of Computer Applications, 2012, 32(1): 1-4. (席荣荣, 云晓春, 金舒原, 等. 网络安全态势感知研究综述[J]. 计算机应用, 2012, 32(1): 1-4.)
[8] ZHAO Y, ZHOU F, FAN X, et al. IDSRadar: a real-time visualization framework for IDS alerts[J]. Science China Information Sciences, 2013, 56(8): 1-12.
[9] HUMPHRIES C, PRIGENT N, BIDAN C, et al. ELVIS: Extensible Log VISualization[C]// Proceedings of the 10th Workshop on Visualization for Cyber Security. New York: ACM, 2013:9-16.
[10] ALSALEH M, ALQAHTANI A, ALARIFI A, et al. Visualizing PHPIDS log files for better understanding of Web server attacks [C]// Proceedings of the 10th Workshop on Visualization for Cyber Security. New York: ACM, 2013: 1-8.
[11] LI B, SPRINGER J, BEBIS G, et al. A survey of network flow applications[J]. Journal of Network and Computer Applications, 2013, 36(2): 567-581.
[12] LAI J, WANG H, JIN S. Study of network security situation awareness system based on Netflow[J]. Application Research of Computers, 2007, 24(8): 167-172.(赖积保, 王慧强, 金爽. 基于Netflow的网络安全态势感知系统研究[J]. 计算机应用研究, 2007, 24(8): 167-172.)
[13] SCARFONE K, MELL P. Guide to Intrusion Detection and Prevention Systems (IDPS)[K/OL]. [2014-06-20].http://wenku.baidu.com/link?url=JICw2pW5FMQQpKbU1TBfcFGrz5 51tCfIIbjAysZsRQJDfiG3--BOxvOZeczL1_sNflAq_r9J0iDEoz-K8Mwsnt4ofLO6_rxqNUZO9fbUSZ_.
[14] NEWMAN R. Computer security: protecting digital resources[M]. Burlington: Jones & Bartlett Publishers, 2009:273-275.
[15] GUERRA-GOMEZ J, BUCK-COLEMAN A, PACK M, et al. TreeVersity: Interactive visualizations for comparing hierarchical datasets[J/OL].[2014-06-20]. http://hcil2.cs.umd.edu/trs/2012-14/2012-14.pdf.
[16] ZHANG X, YUAN X. Treemap visualization[J]. Journal of Computer-Aided Design and Computer Graphics, 2012, 24(9): 1113-1124. (张昕, 袁晓如. 树图可视化[J]. 计算机辅助设计与图形学学报, 2012, 24(9): 1113-1124.)
[17] KRSTAJIC M, KEIM D. Visualization of streaming data: observing change and context in information visualization techniques[C]// Proceedings of the 2013 IEEE International Conference on Big Data. Piscataway: IEEE, 2013:41-47.
[18] ROPINSKI T, OELTZE S, PREIM B. Survey of glyph-based visualization techniques for spatial multivariate medical data[J]. Computers and Graphics, 2011, 35(2): 392-401.
[19] CHEN Y, HU H, LI Z. Performance compare and optimization of ractangular treemap layout algorithms[J]. Journal of Computer-Aided Design and Computer Graphics, 2013, 25(11): 1623-1634. (陈谊, 胡海云, 李志龙. 树图布局算法的比较与优化研究[J]. 计算机辅助设计与图形学学报, 2013, 25(11): 1623-1634.)
[20] KRSTAJIC M, BERTINI E, KEIM D. Cloudlines: Compact display of event episodes in multiple time-series[J]. IEEE Transactions on Visualization and Computer Graphics, 2011, 17(12): 2432-2439.
[21] SHI C, CUI W, LIU S, et al. RankExplorer: visualization of ranking changes in large time series data[J]. IEEE Transactions on Visualization and Computer Graphics, 2012, 18(12): 2669-2678.

基于多元异构网络安全数据可视化融合分析方法

Visual fusion and analysis for multivariate heterogeneous network security data

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	郑志强, 胡鑫, 翁智, 王雨禾, 程曦. 基于改进DenseNet的牛眼图像特征提取方法[J]. 计算机应用, 2021, 41(9): 2780-2784.
[2]	佘玉龙, 张晓龙, 程若勤, 邓春华. 基于边缘关注模型的语义分割方法[J]. 计算机应用, 2021, 41(2): 343-349.
[3]	赵津, 宋文爱, 邰隽, 杨吉江, 王青, 李晓丹, 雷毅, 邱悦. 儿童阻塞性睡眠呼吸暂停计算机人脸辅助诊断综述[J]. 《计算机应用》唯一官方网站, 2021, 41(11): 3394-3401.
[4]	朱新成, 何坤金, 倪娜, 郝博. 基于改进迭代最近点算法的接骨板贴合性快捷计算方法[J]. 计算机应用, 2021, 41(10): 3033-3039.
[5]	尹春勇, 何苗. 基于改进胶囊网络的文本分类[J]. 计算机应用, 2020, 40(9): 2525-2530.
[6]	周云, 陈淑荣. 基于双流非局部残差网络的行为识别方法[J]. 计算机应用, 2020, 40(8): 2236-2240.
[7]	张家岗, 李达平, 杨晓东, 邹茂扬, 吴锡, 胡金蓉. 基于深度卷积特征光流的形变医学图像配准算法[J]. 计算机应用, 2020, 40(6): 1799-1805.
[8]	徐代, 岳璋, 杨文霞, 任潇. 基于改进的三向流Faster R-CNN的篡改图像识别[J]. 计算机应用, 2020, 40(5): 1315-1321.
[9]	张俊升, 徐晶晶, 余伟. 面部美化图像质量无参考评价方法[J]. 计算机应用, 2020, 40(4): 1184-1190.
[10]	郭志强, 胡永武, 刘鹏, 杨杰. 基于特征融合的室外天气图像分类[J]. 计算机应用, 2020, 40(4): 1023-1029.
[11]	沈亮, 王鑫, 陈曙晖. 面向移动应用识别的结构化特征提取方法[J]. 计算机应用, 2020, 40(4): 1109-1114.
[12]	刘尚旺, 刘承伟, 张爱丽. 基于深度可分卷积神经网络的实时人脸表情和性别分类[J]. 计算机应用, 2020, 40(4): 990-995.
[13]	朱喆, 许少华. 降噪自编码器深度卷积过程神经网络及在时变信号分类中的应用[J]. 计算机应用, 2020, 40(3): 698-703.
[14]	陈梅婕, 谢振平, 陈晓琪, 许鹏. 专利新词发现的双向聚合度特征提取新方法[J]. 计算机应用, 2020, 40(3): 631-637.
[15]	王海鹏, 降爱莲, 李鹏翔. 牛顿-软阈值迭代鲁棒主成分分析算法[J]. 计算机应用, 2020, 40(11): 3133-3138.