Research On Visualization Techniques Of Network Security Situation Based On Snmp

Network situation awareness technology is a new security technology which can evaluate the current and future network security state within a period of time quantitatively and qualitatively, and is also provided with the function of real-time monitoring and early warning. Developing the research of network situation awareness system is of great significance for improving our emergency response capability of our country's network system, mitigating the harm caused by cyber attacks and improving the system's counter-attack capability. Visualization of network situation is an important component of network situation awareness system. Therefore, the research of visualization techniques of network situation is very important.This paper has deeply studied many aspects of the visualization technology of network security situation based on SNMP protocol. First, the system designed in the paper can collect MIB data of many network devices by SNMP protocol and put these data as historical data into the database. Second, combining concept hierarchy, attribute relevance analysis, association rule mining and other related theories of data mining, the system designed in the paper can analyze and manipulate historical data in the database in order to extract data rules for the detection of abnormal state of network devices, and then put these data rules into the rules base. Third, based on the comprehensive comparison of a variety of methods of network topology discovery, this paper has designed and implemented a simple mathematical model of network topology and a network topology discovery algorithm. With the model and the algorithm, the system designed in the paper can generate all kinds of network topology graphs. This laid the foundation for the realization of visualization of network security situation. Last, the system designed in this paper will compare real-time data that are collected from network equipments with the data rules in rules base in order to judge whether network equipments are in an abnormal state. For the network equipments in an abnormal state, the system will modify its attributes of corresponding graphic elements in network topology graphs so that these graphic elements will be highlighted. In this way, the system designed in the paper has achieved the effect of visualization of network security situation.In addition, on the basis of the above-mentioned results, this paper has also designed and implemented the remote transmission function of network situation topology graphs by multi-threading, socket communications, object serialization and other programming techniques in order to achieve the purpose of monitoring wider network. This further enhances the effect of visualization of network situation.