Authors: Zhang Sheng (张胜)[1,2], Shi Ronghua (施荣华)[1], Zhao Ying (赵颖)[1], Zhou Fangfang (周芳芳)[1]
Affiliations: [1] School of Information Science and Engineering, Central South University, Changsha 410083; [2] Modern Educational Technology Center, Hunan University of Commerce, Changsha 410205
Source: Chinese High Technology Letters (《高技术通讯》), 2014, No. 9, pp. 903-909 (7 pages)
Funding: National Natural Science Foundation of China (61103108; 61402540); Hunan Provincial Science and Technology Plan postdoctoral special project; Central South University postdoctoral start-up fund (2012RS4049)
Abstract: NetFlow logs keep growing in size and changing ever faster, which makes them increasingly difficult to manage and analyze. Following the idea of network security visualization, this paper builds a visualization system (the 2T map system for short) that analyzes NetFlow logs by combining time-series charts and treemaps (TreeMap), in order to identify attacks and anomalous events in the network quickly and effectively and to grasp the network security situation. The system focuses on the information entropy of six feature dimensions of the NetFlow log: time-series charts are built to monitor the network state at the macro level, and treemaps are introduced to drill into the details of an intrusion. The system also defines image feature rules so that attacks can be analyzed intuitively from the charts and patterns of interest discovered. Analysis of the data from the VAST Challenge 2013 network security visual analytics competition shows that the system can intuitively capture the network security state at both the macro and micro levels, effectively identify network attacks, and support analysts' decision-making.
English abstract (as published): Considering that the management and analysis of the NetFlow log are becoming more difficult because of the NetFlow log's increase in size and changing speed, a visualization system for analysis of the NetFlow log, using the time series map combined with the TreeMap according to the concept of network security visualization, was constructed to quickly and effectively identify network attacks and abnormal events in networks. By focusing on the six characteristics of information entropy, the system can successfully oversee the network security situation using the time series. At the same time, it can drill down into the details of an invasion by using the TreeMap. The system also uses an image feature rule to construct visual figures for attack analysis and pattern exploration. Through the analysis of the VAST Challenge 2013 competition data on this system, it was shown that the system can intuitively capture the network security status from the macro and micro levels, as well as effectively identify network attacks and support decision-making.
Keywords: network security visualization; security situation assessment; NetFlow; information entropy; time-series chart; treemap
Classification: TP393.08 [Automation and Computer Technology - Computer Application Technology]