| Network security visualization has been a hot research area in recent years. Compared to the traditional methods of analyzing log data, visualization technology can change the research method greatly. It can not only deal with massive data, but also help network administrators detect anomaly events by analyzing the pattern, even discover new attack type and forecast the trend of events.Aiming at the port scan detection problem in security area, this paper studies how information visualization technology can help analysts discover security events. Firstly, the foreign research status and achievements in this area are summarized from different perspective, then many famous security visualization tools'advantage and disadvantage are analyzed in detail and the problems which should be solved are pointed out. Secondly, considering of most research methods used are concentrating on how to find novel visual structures, visualizing network data combining with the network event characteristics is proposed, and the new research idea is used to guide the design of our security visualization tool. Finally, after analyzing port scan methods and detection technologies used now, a visual port scan detection system called ScanViewer is designed and implemented, and the experiments show that the system can detect slow scan, distributed port scan and many kinds of TCP steal scan effectively.Above all, in view of the single research method used in security visualization, a new method is proposed, then a visual port scan detection system is developed, and the system can detect many kinds of port scan events easily and has high practical function. |
PDF Full Text Request