摘要
网络安全可视化作为一个交叉应用研究领域,为传统网络安全数据分析方法注入了新的活力.但已有研究过于注重网络安全数据的可视表达,而忽视了对分析流程的支持.抽象了网络安全分析人员用网络流量时序数据检测网络异常的过程,提出了一个自顶向下的网络流量时序分析流程模型.以该模型为指导,设计并实现了一个多视图合作的网络流量时序数据可视分析原型系统.在分析端口扫描和DDo S攻击等常见网络异常的案例中,该系统中的4个协同交互、简单易用的可视视图,可以较好地支撑分析人员由整体到个体、由点到面以及由历史到未来的网络流量时序数据分析过程.
Cyber security visualization is a multi-discipline research field. Visualization techniques have injected new vitality into traditional analysis methods for cyber security. However, most existing studies focus on the visual expression and overlook the visual support for the data analysis process. This paper presents a top-down model for anomaly detection on network traffic time-series data drawing from the experience of cyber security analysts. A prototype system is designed based on this model, and it includes four collaborative views with direct and rich interactions. A number of experiments, including port scanning and DDo S attacking, are carried out to demonstrate that this system can support network traffic time-series analysis on overview to detail, point to area and past to future process flows.
出处
《软件学报》
EI
CSCD
北大核心
2016年第5期1188-1198,共11页
Journal of Software
基金
国家自然科学基金(61103108
61402540)
湖南省科技支撑计划(2014GK3049)~~
关键词
网络安全可视化
可视分析
网络流量
时序数据
异常检测
cyber security visualization
visual analytics
network traffic
time series data
anomaly detection
