The Research And Implementation Of Visual Analysis Of Multi-source Network Log Data

Posted on: 2020-04-07
Degree: Master
Type: Thesis
Country: China
Candidate: M J Lu
Full Text: PDF
GTID: 2370330602451854
Subject: Engineering
Abstract/Summary:
The emergence of more and more security monitoring equipment and technology provides security for complex network systems, and the network log data from different devices records all aspects of network behavior using distinct data formats and attributes. By analyzing the network log data, we can find the data patterns contained in the network. Data visualization technology transforms large-scale log data into a simpler and more intuitive visual image and uses people's visual cognitive ability to obtain the information and structure of the data, building a bridge between cognitive analysis and log data. It addresses the shortcomings of traditional analysis methods and is a new interdisciplinary research field. Through the visual analysis of network log data, we can master the network state, identify network anomalies and threat events, and further predict the development trend. According to the data type, visual analysis can be divided into single-source and multi-source data visual analysis. This thesis takes multi-source network log data as the research object and combines it with data visualization technology to analyze abnormal behavior. The research results mainly include the following aspects:

1. Community detection of the network structure based on the K-means clustering algorithm and the force-directed algorithm (FDA). Community structure is common in complex network relations. First, the K-means clustering algorithm is used to discover and divide the network topology. The results are then validated with FDA, which reveals the close relationships between individuals in the same community and the connections between different communities. The network of individual relationships found by community detection on the network log data is used as the basis for identifying and judging threat events in the next step.

2. A visual analysis model for multi-source network log data is designed. Aiming at the multilevel characteristics of log data, the model realizes a progressive analysis of multi-source log data from the whole to the individual. The model is divided into three parts: data transformation, visual analysis and view generation, the core of which is the visual analysis module. The visual analysis module divides the analysis process into three levels: macroscopic, mesoscopic and microscopic. Through macroscopic-level analysis of the whole time series and mesoscopic-level analysis of local time series on the same single-source data, the active individuals are obtained, and multi-view collaborative analysis of the multi-source log data is then carried out at the microscopic level. The model can be used for analysis of single-source data from multiple angles and for collaborative analysis of multi-source data, so as to ensure that the complete abnormal behavior is detected.

3. The views and visual encoding of the model are designed in detail. Aiming at the analysis tasks of the different levels and at the diversity and time variability of log data, the layout is designed by combining basic and improved views with reasonable visual channels. At the same time, interactions such as view scaling, navigation and translation, and selection highlighting are designed to build a complete analysis process, so that the visual expression of the data is completed efficiently.

Based on the above methods and models, a multi-source network log data visual analysis system is implemented, and a case study is carried out using the ChinaVis Challenge data set, which proves the validity of the method proposed in this thesis.
Keywords/Search Tags:Multi-source network log data, Visual encoding, Community detection, Visual analysis