
Study On Multi-view Visual Analysis Method For Network Security Log Traffic Feature

Posted on: 2019-01-11
Degree: Master
Type: Thesis
Country: China
Candidate: L J He
GTID: 2428330566976927
Subject: Software engineering
Abstract/Summary:
With the advent of the information age, visualization methods are being used in more and more areas of network security and large-scale data analysis, and network security visualization has gradually formed as a branch of its own. Visual analytics combines human cognitive ability with the machine's data processing ability. It can address two problems of traditional automatic or semi-automated security products. First, rule updates are delayed, and the old strategies cannot provide enough protection for the network. Second, users cannot gain an overview of the network, and their cognitive load increases. The goal of network visual analysis is to augment the ability of security analysts so that they can more effectively grasp network security features, perceive the security posture, and discover hidden information.

Existing visual analysis methods for network security logs are inadequate in display efficiency, interpretability, reproducibility, perceptual uniformity, and space utilization. This paper proposes a visual solution based on the visual analysis method. In the visual design process, we emphasize the presentation of network level, association, timing data, and coordinated interaction. We improve four visual views and build a visual analysis system. The work includes:

(1) After comparing and analyzing the existing common visual methods for network structure, we select the innovative hive plot to display connection features. We illustrate and improve on the shortcomings of its structural design and data presentation methods when applied to network security visual analysis.

(2) Based on classic views such as the sunburst, timing chart, and doughnut chart, we compute statistics on the hosts' network distribution, traffic changes, and changes in port access across the network. We make many changes to display dimensions, display effects, and interaction effects so that the views complement each other and express richer information.

(3) At the system level, we provide a new visual design. Taking the user's exploration process into consideration, we design and supplement every module's display efficiency, data conversion, and visual output as a whole. The result is a highly autonomous, multi-view collaborative system that enables security analysts to obtain useful knowledge from log data.

(4) Using a published network security log data set, we evaluate the usability and effectiveness of our visual design in various ways.

The visualization system was developed smoothly, and the method design was reasonable. This work is mainly intended for analysts who have relevant knowledge of network security. The design intuitively supports them in digging out information about abnormal events in network flows, analyzing network behavioral patterns, and getting a view of the entire network.
Keywords/Search Tags:Security Visualization, Interactive Analysis, Anomaly Detection, Traffic Feature, Network Graph