检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
机构地区:[1]中南大学信息科学与工程学院,长沙410083 [2]湖南商学院现代教育技术中心,长沙410205
出 处:《计算机应用》2015年第5期1379-1384,1416,共7页journal of Computer Applications
基 金:国家自然科学基金资助项目(61402540)
摘 要:随着现代网络安全设备日益丰富,安全日志呈现多元异构趋势。针对日志数据量大、类型丰富、变化快等特点,提出了利用可视化方法来融合网络安全日志,感知网络安全态势。首先,选取了异构安全日志中有代表性的8个维度,分别采用信息熵、加权法、统计法等不同算法进行特征提取;然后,引入树图和符号标志从微观上挖掘网络安全细节,引入时间序列图从宏观展示网络运行趋势;最后,系统归纳图像特征,直观分析攻击模式。通过对VAST Challenge 2013竞赛数据进行分析,实验结果表明,该方法在帮助网络分析人员感知网络安全态势、识别异常、发现攻击模式、去除误报等方面有较大的优势。With the growing richness of modern network security devices, network security logs show a trend of multiple heterogeneity. In order to solve the problem of large-scale, heterogeneous, rapid changing network logs, a visual method was proposed for fusing network security logs and understanding network security situation. Firstly, according to the eight selected characteristics of heterogeneous security logs, information entropy, weighted method and statistical method were used respectively to pre-process network characteristics. Secondly, treemap and glyph were used to dig into the security details from micro level, and time-series chart was used to show the development trend of the network from macro level. Finally, the system also created graphical features to visually analyze network attack patterns. By analyzing network security datasets from VAST Challenge 2013, the experimental results show substantial advantages of this proposal in understanding network security situation, identifying anomalies, discovering attack patterns and removing false positives, etc.
关 键 词:网络安全可视化 多元异构数据 特征提取 树图和符号标志 时间序列图
分 类 号:TP391[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.15