摘要
网络运行日志是网络管理人员掌握网络状态的主要信息来源,在对网络日志数据进行数据处理和特征分析之后,文章设计并实现了一个多视图合作的网络运行日志可视分析系统,将力导向图、堆叠图、热点图等多种协同交互、简单易用的可视视图引入网络安全可视化中,通过多视图合作方法实现对同一数据的多角度建模,从而帮助网络管理人员了解整个网络结构和网络运行特征。该系统包括两个模块,模块一从端口、连接和流量3个维度分析网络结构,进而区分网络的客户端和服务器;模块二以网络的整体流量状况作为切入口分析整个网络的异常情况,并从每小时、每分钟、每秒的维度对子网通信模式进行分析。
Network operation log is the main source o f inform ation for network managers to master the state o f the network. A fter dealing w ith the network operation data and according to the feature analysis, this paper presents a collaborative visual analyze system fo r network operation log, it provides m ultiple views w ith direct and rich interactions to modeling the data from different aspects.Force graph,stack graph and heat map are introduced to the visualization o f network security. Bycollaborative visual analytics can help network administrators understand the structure o f the wholenetwork and the operating characteristics o f the network. The system includes two modules. One is to analyze the network structure by three dimensions, port, connection and flow , and then distinguish the hosts between servers and clients. The other is to analyze the anomalies o f the whole network by the overall flow situation, and then to find communication modes by time dimension.
作者
王劲松
黄静耘
张洪玮
南慧荣
WANG Jinsong;HUANG Jingyun;ZHANG Hongwei;NAN Huirong(School of Computer and Communication Engineering, Tianjin University of Technology, Tianjin 300384, China;Tianjin Key Laboratory of Intelligence Computing and Novel Software Technology, Tianjin 300384, China;National Engineering Laboratory for Computer Virus Prevention and Control Technology, Tianjin 300457, China)
出处
《信息网络安全》
2016年第10期8-14,共7页
Netinfo Security
基金
国家自然科学基金[61272450]
天津市科技支撑项目[14ZCZDGX00072]
关键词
网络可视化
可视分析
网络通信模式
协同分析
network visualization
visualization analytics
netw ork com m unication mode
collaborative analytics
