多视图合作的网络运行日志可视分析

doi:10.3969/j.issn.1671-1122.2016.10.002

信息网络安全 ›› 2016, Vol. 16 ›› Issue (10): 8-14.doi: 10.3969/j.issn.1671-1122.2016.10.002

多视图合作的网络运行日志可视分析

王劲松^1,^2,³(), 黄静耘^1,^2,³, 张洪玮^1,^2,³, 南慧荣^1,^2,³

1. 天津理工大学计算机与通信工程学院,天津 300384
2. 天津市智能计算及软件新技术重点实验室,天津 300384
3. 计算机病毒防治技术国家工程实验室,天津 300457

收稿日期:2016-08-10 出版日期:2016-10-31 发布日期:2020-05-13
作者简介:
作者简介：王劲松（1970—）,男,天津,教授,博士,主要研究方向为信息安全、计算机网络;黄静耘（1992—）,女,广东,硕士研究生,主要研究方向为网络安全与可视化;张洪玮（1990—）,男,江苏,博士研究生,主要研究方向为网络安全;南慧荣（1992—）,男,山西,硕士研究生,主要研究方向为网络安全。
基金资助:
国家自然科学基金[61272450];天津市科技支撑项目[14ZCZDGX00072]

Multiple View Cooperative Visual Analytics of Network Operation Log

Jinsong WANG^1,^2,³(), Jingyun HUANG^1,^2,³, Hongwei ZHANG^1,^2,³, Huirong NAN^1,^2,³

1. School of Computer and Communication Engineering, Tianjin University of Technology, Tianjin 300384, China
2. Tianjin Key Laboratory of Intelligence Computing and Novel Software Technology, Tianjin 300384, China
3. National Engineering Laboratory for Computer Virus Prevention and Control Technology, Tianjin300457, China

Received:2016-08-10 Online:2016-10-31 Published:2020-05-13

摘要/Abstract

摘要：

网络运行日志是网络管理人员掌握网络状态的主要信息来源,在对网络日志数据进行数据处理和特征分析之后,文章设计并实现了一个多视图合作的网络运行日志可视分析系统,将力导向图、堆叠图、热点图等多种协同交互、简单易用的可视视图引入网络安全可视化中,通过多视图合作方法实现对同一数据的多角度建模,从而帮助网络管理人员了解整个网络结构和网络运行特征。该系统包括两个模块,模块一从端口、连接和流量3个维度分析网络结构,进而区分网络的客户端和服务器;模块二以网络的整体流量状况作为切入口分析整个网络的异常情况,并从每小时、每分钟、每秒的维度对子网通信模式进行分析。

关键词: 网络可视化, 可视分析, 网络通信模式, 协同分析

Abstract:

Network operation log is the main source of information for network managers to master the state of the network. After dealing with the network operation data and according to the feature analysis, this paper presents a collaborative visual analyze system for network operation log, it provides multiple views with direct and rich interactions to modeling the data from different aspects. Force graph, stack graph and heat map are introduced to the visualization of network security. By collaborative visual analytics can help network administrators understand the structure of the whole network and the operating characteristics of the network. The system includes two modules. One is to analyze the network structure by three dimensions, port, connection and flow, and then distinguish the hosts between servers and clients. The other is to analyze the anomalies of the whole network by the overall flow situation, and then to find communication modes by time dimension.

Key words: network visualization, visualization analytics, network communication mode, collaborative analytics

中图分类号:

TP309

王劲松, 黄静耘, 张洪玮, 南慧荣. 多视图合作的网络运行日志可视分析[J]. 信息网络安全, 2016, 16(10): 8-14.

Jinsong WANG, Jingyun HUANG, Hongwei ZHANG, Huirong NAN. Multiple View Cooperative Visual Analytics of Network Operation Log[J]. Netinfo Security, 2016, 16(10): 8-14.

图/表 9

图1

表1

图2

图3

图4

图5

图6

图7

图8

参考文献 17

[1]	孟浩,王劲松,黄静耘,等. 基于TcpFlow的网络可视分析系统研究与实现[J]. 信息网络安全,2016(2):40-46.
[2]	赵颖,樊晓平,周芳芳,等. 网络安全数据可视化综述[J]. 计算机辅助设计与图形学学报,2014,26(5):687-697.
[3]	PLONKA D.FlowScan: A Network Traffic Flow Reporting and Visualization Tool[C]// USENIX. 14th USENIX Conference on System Administration, December 3-8, 2000, New Orleans, Louisiana, USA. New York: ACM, 2000: 305-317.
[4]	KOIKE H, OHNO K, KOIZUMI K.Visualizing Cyber-attacks Using IP Matrix[C]//IEEE. IEEE Workshop on Visualization for Computer Security (VizSEC 2005), October 26, 2005, Minneapolis, MN, USA. New Jersey, IEEE, 2005: 91-98.
[5]	CHEN Siming, GUO Cong, YUAN Xiaoru, et al.OCEANS: Online Collaborative Explorative Analysis on Network Security[C]//ACM. 11th Workshop on Visualization for Cyber Security, November 10, 2014, Paris, France. New York: ACM, 2014: 1-8.
[6]	FISHER F, FUCHS J, MANSMANN F, et al.BANKSAFE: Visual Analytics for Big Data in Large-scale Computer Networks[J]. Information Visualization, 2015, 14(1): 51-61.
[7]	COLLINS M.Network Security through Data Analysis: Building Situational Awareness[M]. Sebastopol: O'Reilly Media, 2014.
[8]	韩伟红,贾焰,郑毅. 海量网络服务实时自动分类系统的研究与实现[J]. 信息网络安全,2015(9):236-239.
[9]	LANZING J. Concept-map Homepage[EB/OL]. .
[10]	DWYER T, KOREN Y. Dig-CoLa: Directed Graph Layout through Constrained Energy Minimization[EB/OL]. .
[11]	ABDULLAH K, LEE C, CONTI G, et al.Visualizing Network Data for Intrusion Detection[C]//IEEE. 6th Annual IEEE SMC Information Assurance Workshop (IAW’ 05), June 15-17, 2005, New York, USA. New Jersey: IEEE, 2005: 100-108.
[12]	赵颖,王权,黄叶子,等. 多视图合作的网络流量时序数据可视分析[J]. 软件学报,2016,27(5):1188-1198.
[13]	BREITKREUTZ B J, STARK C, TYERS M.Osprey: a Network Visualization System[J]. Genome Biology, 2003, 4(3): 1-4.
[14]	BATTISTA G D, EADES P, TAMASSIA R, et al.Graph Drawing: Algorithms for the Visualization of Graphs[M]. Upper Saddle River: Prentice Hall, 1998.
[15]	国防科技大学高性能计算国家重点实验室. China Vis Homepage[EB/OL]. .
[16]	刘鹏,陈厚武,房潇,等. 网络安全态势监控机制与模型研究[J]. 信息网络安全,2015(9):66-69.
[17]	FORTIER S, SHOMBERT L A. Network Profiling and Data Visualization[EB/OL]. https://www.researchgate.net/publication/301356925_Network_Profiling_and_Data_Visualization, 2016-5-15.

多视图合作的网络运行日志可视分析

Multiple View Cooperative Visual Analytics of Network Operation Log

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 9

参考文献 17

相关文章 1

编辑推荐

Metrics

本文评价