
Studies And Implementations Of Key Technologies Of Multi-source Security Data Visualization

Posted on: 2016-06-27
Degree: Master
Type: Thesis
Country: China
Candidate: Y Zhang
Full Text: PDF
GTID: 2308330479485369
Subject: Software engineering

Abstract/Summary:
Network security visualization is a new research field that combines network security and data visualization technology. It can effectively address a series of problems that arise when traditional methods deal with vast amounts of information, such as heavy cognitive burden and limited interaction. It makes efficient use of visualization technology, drawing on the effective collaboration of multiple sensors to build the basis for collaborative analysis of multi-source log data and to display the relationships among them, so that security analysts can efficiently identify anomalous events and trends in attack features and fully grasp the network security situation.

On the basis of the reference model for visualization, this thesis analyzes and processes multi-source log data through feature fusion, then takes log information including time, type of security event, source IP and destination IP as the input to the visualization, and displays it through modified radar and network topology algorithms, which help analysts:

① Check all devices on which a certain type of security event occurred in a certain period of time;
② Count all security events of a given device over a period of time to find devices that may show suspicious behavior;
③ Highlight the devices on which security events happened and their trends, to help analysts find critical nodes and collections of them.

Based on the theory of network security visualization, this thesis designs and implements a visualization of multi-source security logs, and takes the national standard data sets provided by the VAST Challenge 2013, such as firewall logs, Netflow logs and Big Brother logs, as the experimental data to verify the effectiveness of this visualization technology.
Keywords/Search Tags: Multi-source Logs, Data Fusion, Network Security Visualization, Radar, Network Topology Force Directed Algorithm