| Data visualization is an important way to assist people in mining regular patterns existed in large-scale data,and now it is widely used in network log analysis and many other areas.By visualizing the network log,network administraters and analysts can obtain communication patters and abnormal events efficiently instead of observing dizzy data.Howerver,the existing data visualization technology and analysis methods to process network log are not accuracy enough due to not taking the role of the host played in the network into account,and untill now there's no effective way to recognize roles of hosts played in telecommunication precedure.To solve these problems,this paper proposes a kind of role recognition algorithm based on hosts' behavior recorded in network log.During the procedure of identifying hosts' roles,the K-means clustering algorithm is improved,then it is used to improve the speed of role identification.On the basis of recognizing roles of hosts,a kind of visualization analysis scheme that is based on different time granularity is designed to improve the analysis efficiency of network security personnel and analysts.Firstly,the three main attributes describing the behavioral characteristics of hosts are determined by combining the related network knowledge with the mathematical analysis method,and then by using the improved K-means clustering algorithm based on the minimum expansion rate of boundaries,a preliminary study on servers and clients clusters is made.Then relevant analytical statistical methods are used to furtherly identify servers and clients.Secondly,according to communications between servers and clients,the model for visualizing patterns of their communication relationship is constructed based on force-directed layout algorithm,so the logical topology of the hosts' communication in the network is obtained.The central position of servers in the communication process is displayed by visualization method,which verifies the effectiveness of the server extraction algorithm.Thirdly,in order to comprehensively explore modes in communications between clients and servers,three kinds of visual views are designed based on different time granularity,including dynamic real-time graphs,host traffic thermal graphs with deep analysis capability,and parallel coordinate views that overcome the effect of lines' overlap.Finally,by using the method proposed in this paper,the visualization work of the communication between different roles is accomplished and the corresponding comparative analysis is carried out to prove the effectiveness of the methods proposed in this paper. |
PDF Full Text Request