Research and Implement on Network Visual Analytic System Based on TcpFlow

doi:10.3969/j.issn.1671-1122.2016.02.007

Netinfo Security ›› 2016, Vol. 16 ›› Issue (2): 40-46.doi: 10.3969/j.issn.1671-1122.2016.02.007

• Orginal Article • Previous Articles Next Articles

Research and Implement on Network Visual Analytic System Based on TcpFlow

Hao MENG^1,^2,³, Jinsong WANG^1,^2,³(), Jingyun HUANG^1,^2,³, Huirong NAN^1,^2,³

1. School of Computer and Communication Engineering, Tianjin University of Technology, Tianjin 300384, China
2. Tianjin Key Laboratory of Intelligence Computing and Novel Software Technology, Tianjin 300384, China
3. National Engineering Laboratory for Computer Virus Prevention and Control Technology, Tianjin 300457,China

Received:2015-12-14 Online:2016-02-10 Published:2020-05-13

Abstract

Abstract:

This paper designs a visual analytic system for analyzing the structure of network by using TcpFlow data. Its functions include distinguishing the hosts between clients and servers in the network, dividing the topology of network, classing the servers, and finding communication modes. The system has two modules. The first module is used to analyze the structure and hosts of the network by visual analysis of the TcpFlow data. And we can also use it to discover special communication modes through visualizing the session procedures of the TcpFlow data. Meanwhile, the second module can be used to analyze the network communication modules real-timely. With these two modules, the system can help network administrators and network security analysts understand the structure of the whole network and characteristics of the network quickly, and make it convenient to the management of the network and perception of network security situation.

Key words: analysis of network structure, network communication mode, TcpFlow, visual analysis

CLC Number:

TP309

Hao MENG, Jinsong WANG, Jingyun HUANG, Huirong NAN. Research and Implement on Network Visual Analytic System Based on TcpFlow[J]. Netinfo Security, 2016, 16(2): 40-46.

Figures/Tables 13

References 17

[1]	MARTY R.Applied Security Visualization[M]. New Jersey: Addison-Wesley, 2009.
[2]	BECKER R, EICK S G, WILKS A R.Visualizing Network Data[J]. IEEE Transactions on Visualization and Computer Graphics, 1995, 1(1): 16-28.
[3]	韩丹,王劲松,宋密. 基于Snort的多视图网络流量可视化系统[J]. 天津理工大学学报,2014,30(2):42-45.
[4]	韩丹. 网络异常流量三维可视化研究[D]. 天津:天津理工大学,2014.
[5]	戚名钰,刘铭,傅彦铭. 基于PCA的SVM网络入侵检测研究[J]. 信息网络安全,2015(2):15-18.
[6]	ABDULLAH K, LEE C P, CONTI G, et al.Visualizing Network Data for Intrusion Detection[C]//IEEE. Sixth Annual IEEE SMC, June 15-17, 2005, Maryland, USA. New Jersey: IEEE, 2005: 100-108.
[7]	XIAO Ling, GERTH J, HANRAHAN P.Enhancing Visual Analysis of Network Traffic Using a Knowledge Representation[C]//IEEE. Visual Analytics Science and Technology, 2006 IEEE Symposium On, October 31-November 2, 2006, Baltimore, USA. New Jersey: IEEE, 2006: 107-114.
[8]	赵滟,顾益军. 基于主观Bayes方法和相关反馈技术的文档搜索重排序[J]. 信息网络安全,2015(4):41-44.
[9]	PEUQUET D J.It,s About Time: A Conceptual Framework for the Representation of Temporal Dynamics in Geographic Information Systems[J]. Annals of the Association of american Geographers, 1994, 84(3): 441-461.
[10]	刘鹏,陈厚武,房潇,等. 网络安全态势监控机制与模型研究[J]. 信息网络安全,2015(9):66-69.
[11]	MICHAEL W.Network Flow Analysis[M]. San Francisco: No Starch Press, 2014.
[12]	COLLINS M.Network Security Through Data Analysis: Building Situational Awareness[M]. Sebastopol: O'Reilly Media, 2014.
[13]	韩伟红,贾焰,郑毅. 海量网络服务实时自动分类系统的研究与实现[J]. 信息网络安全,2015(9):236-239.
[14]	OWED A. Working with Toxclibs [EB/OL]. , 2015-06-20.
[15]	ChinaVis2015[EB/OL]. , 2015-06-23.
[16]	陈华山,皮兰,刘峰,等. 网络空间安全科学基础的研究前沿及发展趋势[J]. 信息网络安全,2015(3):1-5.
[17]	吕良福,张加万,孙济洲,等. 网络安全可视化研究综述[J]. 计算机应用,2008,28(8):1924-1927.

Research and Implement on Network Visual Analytic System Based on TcpFlow

RichHTML

PDF (PC)

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 13

References 17

Related Articles 1

Recommended Articles

Metrics

Comments