Journal of Computer Applications ›› 2015, Vol. 35 ›› Issue (5): 1379-1384.DOI: 10.11772/j.issn.1001-9081.2015.05.1379


Visual fusion and analysis for multivariate heterogeneous network security data

ZHANG Sheng1,2, SHI Ronghua1, ZHAO Ying1   

  1. School of Information Science and Engineering, Central South University, Changsha Hunan 410083, China;
  2. Modern Educational Technology Center, Hunan University of Commerce, Changsha Hunan 410205, China
  • Received:2014-12-05 Revised:2015-01-12 Online:2015-05-10 Published:2015-05-14

A visual fusion and analysis method for multivariate heterogeneous network security data (Chinese title: 基于多元异构网络安全数据可视化融合分析方法)

ZHANG Sheng1,2, SHI Ronghua1, ZHAO Ying1

  1. School of Information Science and Engineering, Central South University, Changsha 410083, China;
  2. Modern Educational Technology Center, Hunan University of Commerce, Changsha 410205, China
  • Corresponding author: ZHANG Sheng
  • About the authors: ZHANG Sheng (born 1975), male, from Zhuzhou, Hunan; Ph.D. candidate, CCF member; research interests: network information security, computer-supported collaborative learning, network software. SHI Ronghua (born 1963), male, from Changsha, Hunan; professor, Ph.D.; research interests: computer communication confidentiality, network information security. ZHAO Ying (born 1980), male, from Changsha, Hunan; lecturer, Ph.D.; research interests: information visualization, visual analytics.
  • Funding: Supported by the National Natural Science Foundation of China (61402540).

Abstract:

As modern network security devices become more diverse, network security logs are increasingly multivariate and heterogeneous. To cope with logs that are large-scale, heterogeneous and rapidly changing, a visualization method is proposed for fusing network security logs and understanding the network security situation. First, eight characteristic dimensions are selected from the heterogeneous security logs and pre-processed with information entropy, weighting and statistical methods respectively. Second, a treemap and glyphs are used to examine security details at the micro level, and a time-series chart shows the network's development trend at the macro level. Finally, the system summarizes graphical features so that network attack patterns can be analyzed visually. Experiments on the VAST Challenge 2013 network security datasets show that the proposal offers substantial advantages in understanding the network security situation, identifying anomalies, discovering attack patterns and removing false positives.
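The abstract names information entropy as one of the feature-extraction methods applied to heterogeneous logs. The following is an added example, not code from the paper, showing the basic idea: normalize records from two log sources with different field layouts, bucket them into time windows, and compute the Shannon entropy of selected fields per window so that a scan (one source, many ports) separates from ordinary traffic (many sources, few ports). The log formats, the choice of fields, the one-minute window and the classification thresholds are all assumptions made for this example; the sample log lines are constructed, not real data.

```python
"""Added example: per-window Shannon entropy of log fields as a security feature.

Not the paper's code. Log layouts, field choices, windowing and thresholds
are assumptions made for this illustration.
"""
import math
from collections import Counter, defaultdict

# Constructed sample log lines (not real data). Two heterogeneous sources with
# different field sets: firewall ("fw") records carry a destination port, IDS
# ("ids") records carry an alert name but no port.
SAMPLE_LOGS = [
    "fw 2013-04-01T10:00:05 src=10.0.0.5 dst=172.16.0.10 dport=80 action=allow",
    "fw 2013-04-01T10:00:12 src=10.0.0.6 dst=172.16.0.10 dport=443 action=allow",
    "fw 2013-04-01T10:00:31 src=10.0.0.7 dst=172.16.0.11 dport=80 action=allow",
    "fw 2013-04-01T10:00:48 src=10.0.0.8 dst=172.16.0.11 dport=443 action=allow",
    "fw 2013-04-01T10:01:02 src=10.0.0.99 dst=172.16.0.10 dport=21 action=deny",
    "fw 2013-04-01T10:01:03 src=10.0.0.99 dst=172.16.0.10 dport=22 action=deny",
    "fw 2013-04-01T10:01:04 src=10.0.0.99 dst=172.16.0.10 dport=23 action=deny",
    "fw 2013-04-01T10:01:05 src=10.0.0.99 dst=172.16.0.10 dport=25 action=deny",
    "fw 2013-04-01T10:01:06 src=10.0.0.99 dst=172.16.0.10 dport=80 action=allow",
    "fw 2013-04-01T10:01:07 src=10.0.0.99 dst=172.16.0.10 dport=110 action=deny",
    "fw 2013-04-01T10:01:08 src=10.0.0.99 dst=172.16.0.10 dport=143 action=deny",
    "fw 2013-04-01T10:01:09 src=10.0.0.99 dst=172.16.0.10 dport=443 action=allow",
    "ids 2013-04-01T10:01:10 alert=PORTSCAN src=10.0.0.99 dst=172.16.0.10",
]


def parse_line(line):
    """Normalise one log line into a flat dict.

    Assumed layout: '<source> <ISO timestamp> key=value ...'. Fields a source
    does not emit are simply absent; the feature code below tolerates that.
    """
    source, ts, *pairs = line.split()
    rec = {"source": source, "ts": ts}
    for pair in pairs:
        key, _, value = pair.partition("=")
        rec[key] = value
    return rec


def shannon_entropy(values):
    """Shannon entropy (bits) of the empirical distribution of `values`."""
    n = len(values)
    if n == 0:
        return 0.0
    counts = Counter(values)
    h = -sum((c / n) * math.log2(c / n) for c in counts.values())
    return max(0.0, h)  # avoids -0.0 when every value is identical


def window_features(lines, window_chars=16):
    """Group records into per-minute windows (ts[:16] is 'YYYY-MM-DDTHH:MM')
    and compute count and entropy features for each window."""
    windows = defaultdict(list)
    for rec in map(parse_line, lines):
        windows[rec["ts"][:window_chars]].append(rec)
    feats = {}
    for w, recs in sorted(windows.items()):
        feats[w] = {
            "events": len(recs),
            "alerts": sum(1 for r in recs if r["source"] == "ids"),
            "h_src": round(shannon_entropy([r["src"] for r in recs if "src" in r]), 4),
            "h_dport": round(shannon_entropy([r["dport"] for r in recs if "dport" in r]), 4),
        }
    return feats


def classify(feat, dport_min=2.5, src_max=0.5):
    """Assumed rule for this example only: high port entropy from a single
    source within one window is labelled a port-scan pattern."""
    if feat["h_dport"] >= dport_min and feat["h_src"] <= src_max:
        return "port-scan pattern"
    return "normal"


if __name__ == "__main__":
    for w, f in window_features(SAMPLE_LOGS).items():
        print(w, f, classify(f))
```

The two windows come out with opposite entropy profiles: the first minute has high source entropy and low port entropy (four hosts, two services), the second has zero source entropy and high port entropy (one host, eight ports), and the IDS alert lands in the same window so the count feature corroborates the entropy features. In a real deployment the thresholds would be tuned against a baseline rather than fixed as here.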

Key words: network security visualization, multiple heterogeneous data, feature extraction, treemap and glyph, time-series chart

Abstract (Chinese version, translated):

As modern network security devices grow richer, security logs are becoming multivariate and heterogeneous. To address the large volume, many types and rapid change of log data, a visualization method is proposed for fusing network security logs and perceiving the network security situation. First, eight representative dimensions are selected from the heterogeneous security logs, and features are extracted with different algorithms (information entropy, weighting and statistical methods). Then, a treemap and glyphs are introduced to mine network security details at the micro level, and a time-series chart to show network operating trends at the macro level. Finally, the system summarizes image features so that attack patterns can be analyzed intuitively. Analysis of the VAST Challenge 2013 competition data shows that the method offers considerable advantages in helping network analysts perceive the network security situation, identify anomalies, discover attack patterns and remove false positives.

Key words (translated): network security visualization, multivariate heterogeneous data, feature extraction, treemap and glyph, time-series chart
