| For the past few years,with the quick development of network communication technology has thrown more strictly and continuing upgrading requirements on network security,the analysis of network security data plays a crucial role for researchers and network service providers.Now,network security data appears an exploding growth,the common used data analysis methods can no longer analyze network security totally and timely,it’s necessary that to put a comprehensive analysis of network status in order to protect the network security in time.At present,with the combine of network security and visualization methods,to present complex data by visual graphics,and improve the perception ability of analysts at the same time.The combination of these two aspects can greatly optimize the network security protection system.In this article,through the network security visualization technology,use network traffic data,from a point view of network analyst,by analyzing the network situation,flow condition and network node connection to locate to the network abnormal moment,showing the exceptional data details,in final,focusing on the specific host or port to achieve the goal of recognition network abnormal situations.This research is mainly working from the following three aspects:(1)By the analysis of the current network security tasks,the analysis of network monitoring,anomaly detection,feature analysis,correlation analysis,situational awareness and network assessment,from these six network security tasks to combine the analysis.And also propose a visual analysis method of network traffic data on abnormal detection and feature analysis.This paper summarizes the advantages and disadvantages of popular network security traffic visualization methods and common graphs,and also selects the visual analysis view of this paper based on the characteristics of network traffic data.(2)To construct the index model of network traffic data by analyzing the characteristics of network traffic data.We select the important data features in the network traffic data analysis to build the regular feature set of network traffic,and the best short feature set of different attacks according to different types of network attacks.Data preprocessing is used to clean the data,and entropy normalization is used to reduce the difficulty of visual analysis of network traffic data.(3)For network traffic data,a multi view collaborative visual analysis method is proposed to analyze the current state of the network from macro to detail,in order to achieve the purpose of network security detection.In the method of multi view visual analysis,three cooperative and interactive visual views are proposed.Firstly,judging the current situation of the network by the overall timing analysis,and initially determine the abnormal time of the network;Secondly,analyzing the abnormal state,compare the normal state of the network with the abnormal time period,and quickly predict the network attack mode;Finally,analyze the abnormal subject,and judge the attacked subject through the statistics of IP address or port connection number.Through the visual analysis experiment,anomaly detection can be realized to identify DDo S attacks,which verifies the effectiveness of the visual analysis method. |
