摘要
网络安全可视化是近年来网络安全研究的热点,它通过提供有效的信息可视化工具,提升网络安全分析师在解决网络安全问题过程中的感知和认知能力,从而发现模式、识别异常和掌握趋势。为了应对大规模、多数据源的网络安全协同可视分析需求,研究了基于统一格式的事件元组和统计元组的数据融合模型,并提出了擅长事件关联分析的雷达图和擅长统计时序对比分析的对比堆叠流图的设计方法。最后使用该原型系统对2013国际可视分析挑战赛(visual analytics science and technology challenge,VAST Challenge)中网络安全数据可视分析竞赛提供的数据集进行了分析,通过实验和讨论验证了该网络安全数据协同可视分析方法的有效性。
Network security visualization is a growing community of network security research in recent years. It provides the human security analysts with better tools to discover patterns, detect anomalies, identify correlations of security events with higher efficiency. To meet the demand of cooperative visual analytics on large-scale network and multi-source data, this paper develops a data fusion model based on the even tuple and statistics tuple within uniform data formats, raises a design strategy including the radial graph that is good at parsing events correlations and comparative stacked stream that is good at comparing statistics time series, explores the automated deployment method based on network logic topology and edge bundling method in radial graph. Finally by utilizing the proposed prototype system to analyze network security datasets in VAST Challenge 2013 and conducting some experiments and discussions, the effectiveness of tools is verified and substantiated.
出处
《计算机科学与探索》
CSCD
2014年第7期848-857,共10页
Journal of Frontiers of Computer Science and Technology
基金
国家自然科学基金(61103108)
湖南省自然科学基金(12JJ3062)
湖南省科技计划博士后专项(2012RS4049)
中南大学博士后启动资金项目~~
关键词
信息可视化
可视分析
网络安全
数据融合
堆叠流图
雷达图
information visualization
visual analytics
network security
data fusion
stacked stream graph
radial graph
