Research Advances on Network Security Logs Visualization  (Cited by: 15)


Authors: ZHANG Sheng; ZHAO Jue [1]; CHEN Rongyuan

Affiliations: [1] Institute of Big Data and Internet Innovation, Hunan University of Commerce, Changsha 410205, China; [2] School of Information Science and Engineering, Central South University, Changsha 410083, China; [3] School of Computer, National University of Defense Technology, Changsha 410073, China

Source: Journal of Frontiers of Computer Science and Technology (《计算机科学与探索》), 2018, No. 5, pp. 681-696 (16 pages)

Funding: The National Natural Science Foundation of China under Grant No. 61402540; the Natural Science Foundation of Hunan Province under Grant No. 2016JJ2070.

Abstract: With the incessant expansion and evolution of modern network security threats, the situation and challenges of network security are becoming increasingly severe and complicated. Network security logs visualization, a new cross-disciplinary subject, helps users intuitively analyze network security features, respond to network events in real time, and gain 360-degree network security situation awareness by visualizing abstract network and security data. This paper first introduces the characteristics of running security equipment and the drawbacks of log analysis, and points out the necessity of visual analysis. Next, it defines the three elements (people, incident, device) and the process flow of network security visualization, and summarizes figure technology under the categories of basic figures, general figures and novel figures, which provides ideas for further research. It then focuses on five kinds of network log visualization technology and their representative works: firewall, intrusion, network traffic, host state, and multi-source big data fusion. Finally, the paper looks ahead to the essential direction of future visualization technology: people-oriented, with figures as the medium.

Keywords: network security logs; data source; figure technology; visualization system; visual analysis

Classification number: TP391 [Automation and Computer Technology: Computer Application Technology]

 
