| Due to the increase in the complexity of network attacks,it becomes very challenging for analysts to analyze thoroughly,accurately,and timely.In addition,the multi-source heterogeneity of network security data and the growing amount of data bring a heavy cognitive burden to analysts,which makes the overall network security situation difficult to grasp.Therefore,how to help analysts analyze network attacks efficiently and identify potential abnormal events is an important research project.Based on the visualization model from global exploration to detail analysis,this paper uses algorithms such as attribute similarity and complex network node importance evaluation,and visual expressions such as visual narrative,multi-dimension,hierarchy.From the perspective of the network attack process and network security events,it helps analysts to analyze the main characteristics and behavior patterns of network attacks,so as to improve the understandability and interpretability of network attacks.The visual analysis of network attacks has mainly done the following three aspects:(1)Based on visual narrative and auxiliary decision,this paper makes a systematic exploration of the main characteristics of the network attack process.In view of the complexity and diversity of network attacks,taking the penetration testing process as the research object,extracts the key elements by the Delphi method,constructs the explanatory model of the penetration testing process,and designs the process decision tree diagram and the penetration testing results Sankey diagram.From a global perspective of view,we can achieve exploratory visual analysis of network attack methods,processes,results,and other characteristics,improve the understandability of the network attack process,and help analysts to obtain effective information and prior knowledge of different network attacks activities.(2)Make a hierarchical analysis of network security events from macro to micro,including overall network analysis,network pattern comparison,and abnormal activity analysis.In view of the variability of the network state,taking the multi-source and heterogeneous network security data as the research object and measures the overall state and changing trend of the network through network events and information entropy.In order to improve the analysis efficiency,the RadView visualization method is proposed on the basis of radial visual clustering technology,and the collaborative analysis of multi-views is constructed.From the perspective of details,it helps analysts to explore the abnormal information within network events,explore the characteristics of network attack behavior,and identify different attack patterns.(3)Based on the visual analysis of the network attack process and network security events,a visual analysis system of network attack behavior is designed and implemented.Combined with a variety of network security visualization technologies and interaction modes,the system analyzes the main characteristics of network attacks and the behavior patterns of affected hosts from two aspects of process and results.The feasibility and effectiveness of the visual analysis method in this paper are proved by four case studies and one usability study. |
PDF Full Text Request