Map Of Network Security Situation Based On Parallel Coordinates

The visualization of network security situation is displaying of the multidimensional data of network security situation. The existing tools for the visualization of network security situation have some problems, such as the style of views is not abundant enough, the dimensions of revealed information are not comprehensive, and the function of interactions for these tools is weakness. The multidimensional data of network security situation is transformed into 2-D pattern with the parallel coordinates (abbrev. ||-coords) technology which suitable for exploration and analysis. The network analyst can analyzes the network security situation from the ||-coords views full visually,extracts the network attack types, attack scale and attack source quickly and directly. The digital map can display the geographic distribution situation of the network attacks, enable the network analyst views and analyzes the relativities of the network attacks and geopolitical locations.The ||-coords technology will be worked in with the geographic information system (abbrev. GIS) in this thesis. The ||-coords plot will be applied to display the data of network security situation, the GIS will be applied to display the network attack relationship. On the digital map, the source/destination IP will be represented by a pair of symbol features, on the other hand, these symbol features need to be located in an urban area that queried from the IP geo-location city database.In this thesis, the main research contents are following.1) The visualization of network security situation and the data analysis and extraction technology was studied which based on the ||-coords plots, the scattering points in ||-coords plots and the map. The plots transformation algorithm was designed for the ||-coords plots and the scattering points in ||-coords plots. The map and render algorithms were proposed for transformed the data of network security situation into the ||-coords plots and the scattering points in ||-coords plots. The attack data analyzed and extracted from the ||-coords views or the scattering points in ||-coords views were aggregated processing and displayed on the situation map accorded to the map views processing algorithm.2) An IP geo-coding algorithm was proposed which could be used for the second development of GIS to display the source/destination IP marks as symbol features and their attack relation marks as line features on the digital map in order to reflect the relativities between the network attacks and the geographical position adequately.3) The interactive technologies for the ||-coords views, scattering points in ||-coords views and map views were studied. For example, the technologies of brushing, dimensional magnification and dimensional exchange for the ||-coords views were designed, the technology of ellipse marquee for scattering points in ||-coords views were designed, the technology of map zoom in, map zoom out and map translation for the map views were designed and a method be used for switch and control these views were designed also. The network analyst could analyze and extract the network attack types, view the attack scale and analyze the relativities of network attacks and geopolitical locations via human-computer interaction technologies.4) A prototype of visualization system was designed and implemented based on ||-coords and digital map for the network security situation. The results of the experiments showed that the network analyst could find the tendency of the network security situation from the ||-coords views and scattering points in ||-coords views directly and full visually and extract the network attack types, attack scale and attack source by human-computer interaction methods quickly and directly and analyze the relativity of the network attack and the geographical position on the map views clearly.The result of research provides a multidimensional visual, quickly analysis and intuitionistic expression method for the visualization of network security situation that can make decision support for the analyst efficiently.