Research On Visualization Techniques Of Network Security Flow Data

Visualization of network security has become a popular filed in the study of network security research.Currently,in the face of massive high-dimensional network security data,increasingly sophisticated intrusion attacks,increasing complexity of network structure and other issues,visualization of network security has been well received by the network security analysis and managers,because of it has lots of data analysis advantages such as simplify data dimensionality reduction,easy to excavate anomalies,attacks and so on.It also increasingly subject to people's attention.Network security stream data has well applied in detecting network anomalies,finding attacks in the network and other network-related work.Form simple text analysis to using mathematical statistic and data mining techniques to analyze,the research of using network security stream data to analyze network security problems has never stopped.In this paper,a deep study about the methods and applications of using visualization of network security to analyze the network security flow data has been made.In this paper,a system structure model which using network flow data to visual analyze is proposed that bases on both researching the technologies and theories of information visualization,network security visualization,network flow data and referencing traditional network flow system design ideas and information visualization process.The model includes data collection,data receiving,data handling,data visualizing and human-computer interaction.Meanwhile,with this system architecture two visualization analysis systems which are all based on network flow data are designed and implemented in this paper.A visual analysis system to detect and analyze network scanning is made in this paper,which is using real-time NetFlow data.A new visualization method is achieved in this system,and the new visualization method is well suitable for visualizing large scale data sets.At the same time,the system also incorporates parallel coordinates and geographic thermodynamic diagram to complete the testing and analysis of network scanning.It proved the validity and usefulness of the system in the detection and analysis of network scanning by practical used in the campus network analyzing the real-time NetFlow data.In addition,anther visual analysis system is also designed which using TcpFlow data to distinguish the hosts between clients and servers in the network,divide the topology of network,class the servers,find communication modes and a variety of visualization methods are used to solve the tasks proposed above in the system.The system can help network administrators and network security analysts understand the structure of the whole network and characteristics of the network quickly,making it convenient to the management of the network and perception of network security situation.