With the growing richness of modern network security devices, network security logs show a trend of multiple heterogeneity. In order to solve the problem of large-scale, heterogeneous, rapid changing network logs, a visual method was proposed for fusing network security logs and understanding network security situation. Firstly, according to the eight selected characteristics of heterogeneous security logs, information entropy, weighted method and statistical method were used respectively to pre-process network characteristics. Secondly, treemap and glyph were used to dig into the security details from micro level, and time-series chart was used to show the development trend of the network from macro level. Finally, the system also created graphical features to visually analyze network attack patterns. By analyzing network security datasets from VAST Challenge 2013, the experimental results show substantial advantages of this proposal in understanding network security situation, identifying anomalies, discovering attack patterns and removing false positives, etc.
According to the problem of premature convergence and local optimum in Firefly Algorithm (FA), this paper came up with a kind of multi-group firefly algorithm based on simulated annealing mechanism (MFA_SA), which equally divided firefly populations into many child populations with different parameter. To prevent algorithm fall into local optimum, simulated annealing mechanism was adopted to accept good solutions by the big probability, and keep bad solutions by the small probability. Meanwhile, variable distance weight was led into the process of population optimization to dynamically adjust the "vision" of firefly individual. Experiments were conducted on 5 kinds of benchmark functions between MFA_SA and three comparison algorithms. The experimental results show that, MFA_SA can find the global optimal solutions in 4 testing function, and achieve much better optimal solution, average and variance than other comparison algorithms. which demonstrates the effectiveness of the new algorithm.
CDN is a fictitious network, covered in Internet and made up of nodal servers in different areas. Through caching, duplicating, load balancing and user request redirecting, CDN pushes information resources to network edges to provide end users with the best and most available servers to access various contents. A brief view of CDN technology was presented, including basic working principles of CDN platform, design principles and mechanism compare of the content routing, and the nodal content engine was compared. The establishment of information sources in broadband networks was also mentioned.