Design And Implementation Of Port Scan Behavior Recognition Tool Based On Visualization Of Traffic Data

The Internet industry has developed rapidly in the 21 st century.People have entered the information age.The Internet has brought us many conveniences,but at the same time,it has hidden more crises.For example,there are more and more cases of network attacks,and people are facing more and more security threats.Port scanning,one of the types of network attacks,is often the precursor of major network security accidents.However,because we are in an era of excessive information and,it is impossible to identify attacks by exploring valuable information through our eyes in the data jungle.Compared with traditional charts and data dashboards,data visualization is devoted to providing real-time business insights hidden behind rapidly changing and complex data in a more vivid and friendly form.This paper locate the attack time quickly and accurately through visual presentation and analysis of network traffic data,so as to identify port scanning behavior.This paper mainly completes the following aspects:(1)A port scan recognition tool based on network traffic visualization is designed and developed,which integrates data visualization and anomaly analysis into one tool for easy operation.(2)Based on the analysis of the original network traffic data set and the characteristics of port scanning,the effective characteristic indicators are extracted,and the information entropy method commonly used to process the traffic data is selected,and the standardized data that can be used by the tool is obtained by normalization processing.And Through the investigation of data visualization methods,several methods of data visualization presentation are selected and designed.Through the analysis of one-step visualization methods,the identification of port scanning behavior is finally completed.Firstly,the time point of port scanning is found by the combination of parallel graph,histogram and polygraph.Then,the IP address of the target host is found by tree graph.Finally,the attacked port on the hostis found by pie chart.Finally,the experimental results are obtained.(3)By comparing with other experiments,the experimental results are more perfect,convincing and credible.So the designed tool can identify the port scanning behavior completely.