计算机工程与应用 (Computer Engineering and Applications) ›› 2018, Vol. 54 ›› Issue (21): 71-77. DOI: 10.3778/j.issn.1002-8331.1707-0432

• Network, Communication and Security •

Multi-view coordinated visual analysis for anomaly detection in time-varying networks

何凌君, 胡海波, 蒲誉文, 马奇

  1. School of Software, Chongqing University, Chongqing 400044, China
  • Online: 2018-11-01 Published: 2018-10-30

Coordinated visualization analysis of anomaly detection for time-varying network

HE Lingjun, HU Haibo, PU Yuwen, MA Qi   

  1. School of Software, Chongqing University, Chongqing 400044, China
  • Online:2018-11-01 Published:2018-10-30

Abstract (translated from the Chinese): Given today's complex and changing network security landscape, visualization-based monitoring of changes in the communication state between network nodes can help analysts grasp the characteristics of security events and perceive the security situation more efficiently. However, existing visualization research lacks effective ways to display two things: the connection relationships between specific hosts, and how those relationships change along the time dimension. In addition, common visualization methods do not offer an intuitive interactive means for users to manage the discrete features extracted during analysis in order to summarize patterns and discover anomalies. To address these two points, a multi-view coordinated visual analysis system is designed and implemented, in which views that present macroscopic features serve as an index, views that present features in depth serve as the core, and views for management and annotation serve as auxiliaries. Finally, using a network security log dataset containing multiple network anomalies as the experimental dataset, the visualization results are compared and analyzed, verifying the effectiveness of the design.

Keywords: time-varying network, security visualization, anomaly detection, interactive analysis

Abstract: Cyber security is complex and variable, and visualization is a practical method for monitoring changes in communication state. Visualization can help analysts efficiently grasp cyber incidents and the security situation. However, existing visualization studies lack effective display methods for the connections between specific hosts and for how those connection relationships change along the time dimension. Furthermore, common visualization methods cannot help users intuitively manage the discrete characteristics extracted during analysis in order to summarize rules and find anomalies. To address these two points, an interactive multi-view visualization system is designed. Users can obtain context in the overviews, find more features in the in-depth analysis view, and manage and mark features within the visualization system. By comparing and analyzing a network security log dataset that contains several network anomalies, this study verifies the effectiveness of the design.

Key words: time-varying network, security visualization, anomaly detection, interactive analysis