基于多元异构网络安全数据可视化融合分析方法

doi:10.11772/j.issn.1001-9081.2015.05.1379

摘要
图/表
参考文献(0)
相关文章 (15)

全文: PDF (1085 KB) HTML (1 KB)
输出: BibTeX | EndNote (RIS)

摘要

随着现代网络安全设备日益丰富,安全日志呈现多元异构趋势.针对日志数据量大、类型丰富、变化快等特点,提出了利用可视化方法来融合网络安全日志,感知网络安全态势.首先,选取了异构安全日志中有代表性的8个维度,分别采用信息熵、加权法、统计法等不同算法进行特征提取;然后,引入树图和符号标志从微观上挖掘网络安全细节,引入时间序列图从宏观展示网络运行趋势;最后,系统归纳图像特征,直观分析攻击模式.通过对VAST Challenge 2013竞赛数据进行分析,实验结果表明, 该方法在帮助网络分析人员感知网络安全态势、识别异常、发现攻击模式、去除误报等方面有较大的优势.

	服务

	把本文推荐给朋友
	加入我的书架
	加入引用管理器
	E-mail Alert
	RSS
	作者相关文章
	张胜
	施荣华
	赵颖

关键词 ：网络安全可视化, 多元异构数据, 特征提取, 树图和符号标志, 时间序列图

Abstract：

With the growing richness of modern network security devices, network security logs show a trend of multiple heterogeneity. In order to solve the problem of large-scale, heterogeneous, rapid changing network logs, a visual method was proposed for fusing network security logs and understanding network security situation. Firstly, according to the eight selected characteristics of heterogeneous security logs, information entropy, weighted method and statistical method were used respectively to pre-process network characteristics. Secondly, treemap and glyph were used to dig into the security details from micro level, and time-series chart was used to show the development trend of the network from macro level. Finally, the system also created graphical features to visually analyze network attack patterns. By analyzing network security datasets from VAST Challenge 2013, the experimental results show substantial advantages of this proposal in understanding network security situation, identifying anomalies, discovering attack patterns and removing false positives, etc.

Key words： network security visualization multiple heterogeneous data feature extraction treemap and glyph time-series chart

收稿日期: 2014-12-05

基金资助:

国家自然科学基金资助项目(61402540).

通讯作者: 张胜 E-mail: 48209088@qq.com

作者简介: 张胜(1975-),男,湖南株洲人,博士研究生,CCF会员,主要研究方向:网络信息安全、计算机支持的协作学习、网络软件; 施荣华(1963-),男,湖南长沙人,教授,博士,主要研究方向:计算机通信保密、网络信息安全; 赵颖(1980-),男,湖南长沙人,讲师,博士,主要研究方向:信息可视化、可视分析.

引用本文:

张胜, 施荣华, 赵颖. 基于多元异构网络安全数据可视化融合分析方法[J]. 计算机应用, 2015, 35(5): 1379-1384. ZHANG Sheng, SHI Ronghua, ZHAO Ying. Visual fusion and analysis for multivariate heterogeneous network security data. Journal of Computer Applications, 2015, 35(5): 1379-1384.

链接本文:

http://www.joca.cn/CN/10.11772/j.issn.1001-9081.2015.05.1379 或 http://www.joca.cn/CN/Y2015/V35/I5/1379

[1]	SHIRAVI H, SHIRAVI A, GHORBANI A. A survey of visualization systems for network security[J]. IEEE Transactions on Visualization and Computer Graphics, 2012, 18(8):1313-1329.
[2]	FINK G A, MUESSIG P, NORTH C. Visual correlation of host processes and network traffic[C]// Proceedings of the 2005 IEEE Workshop on Visualization for Computer Security. Piscataway: IEEE, 2005:11-19.
[3]	BOSCHETTI A, MUELDER C, SALGARELLI L, et al. TVi: a visual querying system for network monitoring and anomaly detection[C]// Proceedings of the 8th International Symposium on Visualization for Cyber Security. New York: ACM, 2011: 1-10.
[4]	BRAUN L, VOLKE M, SCHLAMP J, et al. Flow-inspector: a framework for visualizing network flow data using current Web technologies[J]. Computing, 2014, 96(1): 15-26.
[5]	SHIRAVI H, SHIRAV A, GHORBANI A. IDS alert visualization and monitoring through heuristic host selection[C]// Proceedings of the 12th International Conference on Information and Communications Security. Piscataway: IEEE, 2010: 445-458.
[6]	ZHANG S, SHI R, ZHOU F. A visualization scheme based on radial panel in intrusion detection system[J]. Computer Engineering, 2014, 40(1): 16-19. (张胜, 施荣华, 周芳芳. 入侵检测系统中基于辐射状面板的可视化方法[J]. 计算机工程, 2014, 40(1): 15-19.)
[7]	XI R, YUN X, JIN S, et al. Research survey of network security situation awarenss[J]. Journal of Computer Applications, 2012, 32(1): 1-4. (席荣荣, 云晓春, 金舒原, 等. 网络安全态势感知研究综述[J]. 计算机应用, 2012, 32(1): 1-4.)
[8]	ZHAO Y, ZHOU F, FAN X, et al. IDSRadar: a real-time visualization framework for IDS alerts[J]. Science China Information Sciences, 2013, 56(8): 1-12.
[9]	HUMPHRIES C, PRIGENT N, BIDAN C, et al. ELVIS: Extensible Log VISualization[C]// Proceedings of the 10th Workshop on Visualization for Cyber Security. New York: ACM, 2013:9-16.
[10]	ALSALEH M, ALQAHTANI A, ALARIFI A, et al. Visualizing PHPIDS log files for better understanding of Web server attacks [C]// Proceedings of the 10th Workshop on Visualization for Cyber Security. New York: ACM, 2013: 1-8.
[11]	LI B, SPRINGER J, BEBIS G, et al. A survey of network flow applications[J]. Journal of Network and Computer Applications, 2013, 36(2): 567-581.
[12]	LAI J, WANG H, JIN S. Study of network security situation awareness system based on Netflow[J]. Application Research of Computers, 2007, 24(8): 167-172.(赖积保, 王慧强, 金爽. 基于Netflow的网络安全态势感知系统研究[J]. 计算机应用研究, 2007, 24(8): 167-172.)
[13]	SCARFONE K, MELL P. Guide to Intrusion Detection and Prevention Systems (IDPS)[K/OL]. [2014-06-20].http://wenku.baidu.com/link?url=JICw2pW5FMQQpKbU1TBfcFGrz5 51tCfIIbjAysZsRQJDfiG3--BOxvOZeczL1_sNflAq_r9J0iDEoz-K8Mwsnt4ofLO6_rxqNUZO9fbUSZ_.
[14]	NEWMAN R. Computer security: protecting digital resources[M]. Burlington: Jones & Bartlett Publishers, 2009:273-275.
[15]	GUERRA-GOMEZ J, BUCK-COLEMAN A, PACK M, et al. TreeVersity: Interactive visualizations for comparing hierarchical datasets[J/OL].[2014-06-20]. http://hcil2.cs.umd.edu/trs/2012-14/2012-14.pdf.
[16]	ZHANG X, YUAN X. Treemap visualization[J]. Journal of Computer-Aided Design and Computer Graphics, 2012, 24(9): 1113-1124. (张昕, 袁晓如. 树图可视化[J]. 计算机辅助设计与图形学学报, 2012, 24(9): 1113-1124.)
[17]	KRSTAJIC M, KEIM D. Visualization of streaming data: observing change and context in information visualization techniques[C]// Proceedings of the 2013 IEEE International Conference on Big Data. Piscataway: IEEE, 2013:41-47.
[18]	ROPINSKI T, OELTZE S, PREIM B. Survey of glyph-based visualization techniques for spatial multivariate medical data[J]. Computers and Graphics, 2011, 35(2): 392-401.
[19]	CHEN Y, HU H, LI Z. Performance compare and optimization of ractangular treemap layout algorithms[J]. Journal of Computer-Aided Design and Computer Graphics, 2013, 25(11): 1623-1634. (陈谊, 胡海云, 李志龙. 树图布局算法的比较与优化研究[J]. 计算机辅助设计与图形学学报, 2013, 25(11): 1623-1634.)
[20]	KRSTAJIC M, BERTINI E, KEIM D. Cloudlines: Compact display of event episodes in multiple time-series[J]. IEEE Transactions on Visualization and Computer Graphics, 2011, 17(12): 2432-2439.
[21]	SHI C, CUI W, LIU S, et al. RankExplorer: visualization of ranking changes in large time series data[J]. IEEE Transactions on Visualization and Computer Graphics, 2012, 18(12): 2669-2678.