| The traditional analysis method on the network security log has many disadvantages like cognitive burden,inaccurate analysis and the weak interoperability.All of these problems can be solved according to network security visualization especially the experimental data is the complex structured or semi-structured log.Recently,most of the visualization solutions are proposed to the network security expert.More information should be shown in the limited visualization layouts.These visualization solutions need to do the whole network's analysis with the help of network security experts' professional knowledge.As we know,most of the users in the network are the end users.The end users refer to the persons who are not engaged in professional network management and security analysis in family or organizational structure.Network anomalies are often related to the end hosts.According to do the security analysis for the end user,we can improve the end users' network security awareness.At the same time,based on the research project of the Information Physics Society trusted computing Laboratory,this paper proposes a visualization solution point to the end users.This paper hopes to proposed the visualization solution to satisfy the end users' network requirements that the end users can analyze the network from the perspective of their own without the professional knowledge.For the reasons that there are many differences about the usage scenarios,knowledge background and safety awareness between the end users and the security expert.We can't use the traditional layout for the expert to do the visualization analysis for the end users.We invest the end users' using network habit and their network protection requirements.We proposed some visualization layouts to meet these requirements.According to the multiple visualization layout linkage analysis,cases study and other way,the effectiveness of the proposed scheme is verified.The main work of this paper includes:(1)Based on the investigation of network security management requirements of end users,this paper sums up the visual features based on these requirements which lays the foundation for the development of visualization solution.According to the visual characteristics of the end user,we proposed the non-uniform comparative stacked stream to do the network situation awareness,the parallel coordinate curve graph to show the connection about the IP and port and the network topology to simulate the true network.(2)After the data preprocessing,we use the D3.js and Gephi open source library to achieve these proposed layouts and also increase the interactive effect.Meanwhile,we do the linkage analysis refers to these visualization layouts,allow users to display the data from the different layout which represents the different network log data to fully understand their local network conditions.(3)In order to verify the effectiveness of the proposed solution.In this paper,we use the malware-traffic-analysis.net data and ChinaVis2015 challenge data set to do the case study.The end users' regression testing is also submitted.At the same time,this paper aims at improving the Philip proposed methods which is about the non-expert users' situation awareness.Combine with the two articles we also do the analysis.The validity of this visualization solution is verified from different points.This paper can help users understand their own network behavior,find the network abnormal events and increase their awareness of security.Our method that makes the security defense from the end users instead of the network anomalies' analysis can be more effective to prevent the attacks. |
PDF Full Text Request