Design And Implementation Of Cyber Attack Visualization System Based On Map

In the era of rapid development of Internet,the network has not only entered the daily life of humans,but also appeared in military politics and the livelihood economy.On this occasion,ensuring the security and normal operation of the network has become a hot issue of common concern at home and abroad.Cyber-attack visualization technology combines the cyber-attack and visualization technology,uses graphical images to visually display the detection data to the network administrators.It can effectively help the management personnel comprehensively analyze and identify cyber attacks and make effective decisions to ensure the security of the network.However,the conventional cyber-attack visualization system uses single way to display results,the show effect and real-time performance in complex cyber-attack environment need to be improved.So,it is meaningful to design and implement a real-time visualization system of cyber-attack to solve these problems.This thesis start from data of cyber-attack,designs and realizes the visualization of cyber-attack in the map.In order to display the cyber attacks well on the map,and help network security managers to grasp the situation of cyber attack and provide support for decision-making,this thesis mainly carried out the following work:1.A new cyber-attack visualization system was designed and implemented based on the map visualization technology.In the system,Leaflet and Google Map were used to generate the map,the map-based dynamic graphics and other common data visualization technologies were used to show the cyber-attack data in all aspects.2.To demonstrate the system in an environment without external cyber-attack data,we did some research on the attack process of APT shown as an attack chain model and designed a simulator to simulate the data of an APT attack process.3.In order to reduce the system pressure brought about by the amount of data,the fast data changes and the real-time display,we optimized our system with Tornado's asynchronous IO server and incremental updates,Mongo DB was used as a cache to streamline the data structure and reduce the IO interaction pressures.To enhance the realtime performance,WebSocket was used to maintain a consistent display and interaction between the system pages.After testing,our system achieves the goal demanded in the document,it is complete in function and stable in operation.It can accurately process complex data,and has a good real-time performance,which is also intuitive and interactive.