
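Visual fusion analysis method based on multivariate heterogeneous network security data
Cite this article: ZHANG Sheng, SHI Ronghua, ZHAO Ying. Visual fusion analysis method based on multivariate heterogeneous network security data [J]. Journal of Computer Applications, 2015, 35(5): 1379-1384.
Authors: ZHANG Sheng  SHI Ronghua  ZHAO Ying
Affiliation: 1. School of Information Science and Engineering, Central South University, Changsha 410083; 2. Modern Educational Technology Center, Hunan University of Commerce, Changsha 410205
Funding: Project supported by the National Natural Science Foundation of China
Abstract: As modern network security devices grow increasingly diverse, security logs are becoming multivariate and heterogeneous. To address the large volume, rich variety and rapid change of log data, a visualization method is proposed to fuse network security logs and perceive the network security situation. First, eight representative dimensions of the heterogeneous security logs are selected, and features are extracted with different algorithms, including information entropy, the weighting method and the statistical method. Then, treemaps and glyphs are introduced to mine network security details at the micro level, and a time-series chart is introduced to show the network's operating trend at the macro level. Finally, the system summarizes the graphical features to analyze attack patterns intuitively. Analysis of the VAST Challenge 2013 competition data shows that the method has considerable advantages in helping network analysts perceive the network security situation, identify anomalies, discover attack patterns and remove false positives.

Keywords: network security visualization  multivariate heterogeneous data  feature extraction  treemap and glyph  time-series chart
Received: 2014-12-05
Revised: 2015-01-12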

Visual fusion and analysis for multivariate heterogeneous network security data
ZHANG Sheng, SHI Ronghua, ZHAO Ying. Visual fusion and analysis for multivariate heterogeneous network security data [J]. Journal of Computer Applications, 2015, 35(5): 1379-1384.
Authors: ZHANG Sheng  SHI Ronghua  ZHAO Ying
Affiliation: 1. School of Information Science and Engineering, Central South University, Changsha Hunan 410083, China;
2. Modern Educational Technology Center, Hunan University of Commerce, Changsha Hunan 410205, China
Abstract: With the growing richness of modern network security devices, network security logs show a trend of multiple heterogeneity. In order to solve the problem of large-scale, heterogeneous, rapidly changing network logs, a visual method was proposed for fusing network security logs and understanding the network security situation. Firstly, according to the eight selected characteristics of heterogeneous security logs, information entropy, weighted method and statistical method were used respectively to pre-process network characteristics. Secondly, treemap and glyph were used to dig into the security details from the micro level, and a time-series chart was used to show the development trend of the network from the macro level. Finally, the system also created graphical features to visually analyze network attack patterns. By analyzing network security datasets from VAST Challenge 2013, the experimental results show substantial advantages of this proposal in understanding the network security situation, identifying anomalies, discovering attack patterns and removing false positives, etc.
Keywords: network security visualization  multiple heterogeneous data  feature extraction  treemap and glyph  time-series chart
This article has been indexed by Wanfang Data and other databases.