基于可视分析的网络异常检测系统

doi:10.11959/j.issn.2096-109x.2018015

网络与信息安全学报 ›› 2018, Vol. 4 ›› Issue (2): 40-54.doi: 10.11959/j.issn.2096-109x.2018015

基于可视分析的网络异常检测系统

张浩城,吴晓洁,唐翔,舒润萱,丁天琛,董笑菊

上海交通大学电子信息与电气工程学院，上海 200240

修回日期:2018-01-30 出版日期:2018-02-01 发布日期:2018-03-08
作者简介:张浩城（1993-），男，上海人，上海交通大学硕士生，主要研究方向为可视化与可视分析。|吴晓洁（1995-），女，江西信丰人，上海交通大学本科生，主要研究方向为可视化与可视分析。|唐翔（1992-），男，江苏扬州人，上海交通大学硕士生，主要研究方向为可视化与可视分析。|舒润萱（1997-），男，吉林吉林人，上海交通大学本科生，主要研究方向为可视化与可视分析。|丁天琛（1996-），男，上海人，上海交通大学本科生，主要研究方向为可视化与可视分析。|董笑菊（1975-），女，吉林公主岭人，博士，上海交通大学副教授，主要研究方向为可视化与可视分析、形式化方法。
基金资助:
国家自然科学基金资助项目(61472238);国家自然科学基金资助项目(61772336);国家自然科学基金资助项目(61572318)

System detecting network anomaly with visualization techniques

Haocheng ZHANG,Xiaojie WU,Xiang TANG,Runxuan SHU,Tianchen DING,Xiaoju DONG

School of Electronic Information and Electrical Engineering,Shanghai Jiaotong University,Shanghai 200240,China

Revised:2018-01-30 Online:2018-02-01 Published:2018-03-08
Supported by:
TheNational Nature Science Foundation of China(61472238);TheNational Nature Science Foundation of China(61772336);TheNational Nature Science Foundation of China(61572318)

摘要/Abstract

摘要：

在网络安全数据的规模和复杂度不断攀升的今天，传统可视化方法已不再适用。现有的网络安全可视化系统和方法仍具有缺陷，它们无法对网络安全数据进行时序变化上的展示，在信息展示的完备性和用户交互性上表现较差。针对现有方法的不足，设计了一种多视图联动的网络安全可视化系统，将力导向模型和阶段式动画相结合，展示网络静态状态和动态变化，提供协议、IP段、端口的展示与筛选功能，为使用者展示全面丰富的网络数据。

关键词: 信息可视化, 网络安全可视化, 可视化系统, 交互

Abstract:

With the fast development of information technology and computer network,the scale and complexity of network security data grows rapidly.Traditional visualization techniques are no longer suitable.In addition,it designs interactive functions based on the feature of network security analysis,in order to assist the network security analyst.The existing approaches for network security visualization have some defects,which fail to provide a good indication of network security data in terms of timing and also fail to display information completely and realize user-friendly interaction.A multi-view network security visualization system was proposed,which provided the analysts of both the static status and dynamic changes of the network by combining the force-oriented model and the staged animation.It provides comprehensive information with display and filter of protocols,IP segment and port.The system on Shanghai Network database were evaluated.

Key words: information visualization, network security visualization, visualization system, interaction

中图分类号:

TP393.08

张浩城,吴晓洁,唐翔,舒润萱,丁天琛,董笑菊. 基于可视分析的网络异常检测系统[J]. 网络与信息安全学报, 2018, 4(2): 40-54.

Haocheng ZHANG,Xiaojie WU,Xiang TANG,Runxuan SHU,Tianchen DING,Xiaoju DONG. System detecting network anomaly with visualization techniques[J]. Chinese Journal of Network and Information Security, 2018, 4(2): 40-54.

图/表 14

图1

图2

图3

图4

图5

图6

图7

图8

图9

图10

图11

图12

图13

图14

参考文献 40

[1]	CONTI G . Security data visualization[M]. No Starch Press, 2007.
[2]	MARTY R . Applied security visualization[M]. Addison-Wesley Professional, 2009.
[3]	KOIKE H , OHNO K , KOIZUMI K . Visualizing cyber attacks using IP Matrix[C]// IEEE,Visualization for Computer Security. 2005: 91-98.
[4]	MCPHERSON J , MA K L , KRYSTOSK P ,et al. PortVis:a tool for port-based detection of security events[C]// ACM Workshop on Visualization and Data Mining for Computer Security. 2004: 73-81.
[5]	ZHAO Y . MVSec:a novel multi-view visualization system for network security[D]. Changsha:Central South University, 2013.
[6]	ABDULLAH K , LEE C P , CONTI G ,et al. Visualizing network data for intrusion detection[C]// The Sixth IEEE SMC Information Assurance Workshop. 2005: 100-108.
[7]	POHL M , REITZ F , BIRKE P . As time goes by:integrated visualization and analysis of dynamic networks[C]// ACM Working Conference on Advanced Visual Interfaces. 2008: 372-375.
[8]	FEDERICO P , AIGNER W , MIKSCH S ,et al. A visual analytics approach to dynamic social networks[C]// The International Conference on Knowledge Management and Knowledge Technologies. 2011: 1-8.
[9]	FARRUGIA M , HURLEY N , QUIGLEY A . Exploring temporal ego networks using small multiples and treering layouts[C]// The Fourth International Conference on Advances in Computer-Human Interactions. 2011: 79-88.
[10]	ANDREWS K , WOHLFAHRT M , WURZINGER G . Visual graph comparison[C]// IEEE International Conference on Information Visualisation. 2009: 62-67.
[11]	ALPER B , BACH B , RICHE N H ,et al. Weighted graph comparison techniques for brain connectivity analysis[C]// Sigchi Conference on Human Factors in Computing Systems. 2013: 483-492.
[12]	DRAGICEVIC P , . Interactive graph matching and visual comparison of graphs and clustered graphs[C]// The International Working Conference on Advanced Visual Interfaces. 2012: 522-529.
[13]	COLLBERG C , KOBOUROV S , NAGRA J ,et al. A system for graph-based visualization of the evolution of software[C]// ACM Symposium on Software Visualization. ACM, 2003: 77-ff.
[14]	LERMAN K , GHOSH R , KANG J H . Centrality metric for dynamic networks[C]// KDD Workshop on Mining and Learning with Graphs. 2010: 70-77.
[15]	FEDERICO P , PFEFFER J , AIGNER W ,et al. Visual analysis of dynamic networks using change centrality[C]// The International Conference on Advances in Social Networks Analysis and Mining. 2012: 179-183.
[16]	DWYER T , EADES P . Visualising a fund manager flow graph with columns and worms[C]// The International Conference on Information Visualisation. 2002: 147-152.
[17]	BRANDES U , CORMAN S R . Visual unrolling of network evolution and the analysis of dynamic discourse[C]// IEEE Symposium on Information Visualization. 2002: 145-151.
[18]	TVERSKY B , MORRISON J B , BETRANCOURT M . Animation:can it facilitate?[J]. International Journal of Human-Computer Studies, 2002,57(4): 247-262.
[19]	SHANMUGASUNDARAM M , IRANI P . The effect of animated transitions in zooming interfaces[C]// ACM Working Conference on Advanced Visual Interfaces. 2008: 396-399.
[20]	CHEVALIER F , DRAGICEVIC P , BEZERIANOS A ,et al. Using text animated transitions to support navigation in document histories[C]// The International Conference on Human Factors in Computing Systems. 2010: 683-692.
[21]	HEER J , ROBERTSON G G . Animated transitions in statistical data graphics[J]. IEEE Transactions on Visualization ＆ Computer Graphics, 2007,13(6): 1240-1247.
[22]	BEZERIANOS A , CHEVALIER F , DRAGICEVIC P ,et al. GraphDice:a system for exploring multivariate social networks[J]. Computer Graphics Forum, 2010,29(3): 863-872.
[23]	HEER , JEFFREY , STUART K ,et al. Prefuse:a toolkit for interactive in-formation visualization[J]. Proc Chi, 2015,37(4): 421-430.
[24]	YEE , PING K . Animated exploration of dynamic graphs with radial layout[C]// IEEE Symposium on Information Visualization. 2002: 43-50.
[25]	GUILMAINE D , VIAU C , MCGUFFIN M J . Hierarchically animated transitions in visualizations of tree structures[C]// The 2012 International Conference on Advanced Visual Interfaces. 2012: 514-521.
[26]	CARD S K , SUH B , PENDLETON B A ,et al. Time tree:exploring time changing hierarchies[C]// 2006 IEEE Symposium On Visual Analytics Science And Technology. 2006: 3-10.
[27]	HEER J , CARD S K . DOITrees revisited:scalable,space-constrained visualization of hierarchical data[C]// Working Conference on Advanced Visual Interfaces(AVI 2004). 2004: 421-424.
[28]	EADES P , HUANG M L . Navigating clustered graphs using force-directed methods[M]// Graph Algorithms And Applications 2. 2000: 191-215.
[29]	FRIEDRICH C , EADES P . The marey graph animation tool demo[J]. Lecture Notes in Computer Science, 2001,1984(1984): 396-406.
[30]	FRIEDRICH C , HOULE M E . Graph drawing in motion[C]// The International Symposium on Graph Drawing. 2001: 220-231.
[31]	BRANDES U , WAGNER D . Analysis and visualization of social networks[M]// Drawing Software,Mathematics and Visualization.Berlin:Springer. 2004: 321-340.
[32]	BASTIAN M , HEYMANN S , JACOMY M . Gephi:an open source software for exploring and manipulating networks[C]// The Third International Aaai Conference On Weblogs And Social Media. 2009.
[33]	AHN J W , TAIEB-MAIMON M , SOPAN A ,et al. Temporal visualization of social network dynamics:prototypes for nation of neighbors[C]// The International Conference on Social Computing,Behavioral-Cultural Modeling and Prediction. 2008: 309-316.
[34]	PURCHASE H C , SAMRA A . Extremes are better:investigating mental map preservation in dynamic graphs[C]// The International Conference on Theory and Application of Diagrams. 2008: 60-73.
[35]	ARCHAMBAULT D , MUNZNER T , AUBER D . TopoLayout:multilevel graph layout by topological features[J]. IEEE Transactions on Visualization ＆ Computer Graphics, 2007,13(2): 305.
[36]	ARCHAMBAULT D , PURCHASE H , PINAUD B . Animation,small multiples,and the effect of mental map preservation in dynamic graphs[J]. IEEE Transactions on Visualization ＆ Computer Graphics, 2011,17(4): 539-552.
[37]	KAMADA T , KAWAI S . An algorithm for drawing general undirected graphs[J]. Information Processing Letters, 1989,31(1): 7-15.
[38]	DAVIDSON R , HAREL D . Drawing graphs nicely using simulated an-nealing[J]. ACM Trans Graphics, 1996,15(4): 301-331.
[39]	FRUCHTERMAN T M J , REINGOLD E M . Graph drawing by force-directed placement[J]. Software Practice ＆ Experience, 1991,21(11): 1129-1164.
[40]	FORESTI S , AGUTTER J , LIVNAT Y ,et al. Visual correlation of network alerts[J]. IEEE Computer Graphics ＆ Applications, 2006,26(2): 48-59.

基于可视分析的网络异常检测系统

System detecting network anomaly with visualization techniques

在线阅读

pdf下载

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 14

参考文献 40

相关文章 1

Metrics

推荐阅读 0