Research On Three-dimensional Visualization For Network Anomaly Traffic

With the rapid development of network technology, network anomalous behaviors are toorampant to be a threat to the normal order of politics and economy, but the traditionaltext-based network intrusion detection systems has the shortcoming of cognitive overload,high rate of false positives and false negative rate, poor human-computer interaction, the lackof global understanding of network security and risk cannot be predicted and defense inadvance. It is unable to meet the urgent needs of the people to improve network securityperformance.As a new technology, Network information visualization technology merges networksecurity and information visualization. With this technology, an interactive graphical networkstatus display to the user to analyze the network traffic and defense of abnormal behaviors.This approach fully combines the advantages of computers and human brain in imageprocessing capabilities, displays the massive high-dimensional flow data in image way torealize image communication between people and data, enabling users to quickly findpotential security threat in network traffic.In this paper we explore three-dimensional approaches to visualize network packets andnetwork intrusion detection system alerts in order to provide a new method to solve thenetwork security problem. The design of proposed visualization model is according to theabnormal flow characteristics, emphasize the importance of human-computer interaction inthe system and insert people into the process of feedback loops of security system. Inaddition，3D visualization system bring more intuitive image and interact with the user inmultiple views, multi-angle, multi-scale way than2D. This paper introduces the design anddevelopment process of3D visualization system with Java3D technology in detail. This paperevaluates the effect of visualizations by using the DARPA intrusion detection evaluation dataset and campus network traffic Experimental results show that the system can generateeffective3D network anomaly traffic view according to SNORT detection log, and cubescatterplot have strong ability of detection and recognition for network scanning, and DDoSattack, etc, which is not detected by SNORT. According to multiple views, network analyzerscan achieve the effective network security management.