Conference Topic

NetSecRadar: A Visualization System for Network Security Situational Awareness

Situational awareness is defined as the ability to effectively determine an overall computer network status based on relationships between security events in multiple dimensions. Unfortunately, owing to the lack of tools to synthetically analyze the security logs generated by kinds of network security products, such as NetFlow, Firewall and Host Security, it is difficult to monitor and perceive network security situational awareness. Information visualization allows users to discover and analyze large amounts of information through visual exploration and interaction efficiently. Even with the aid of visualization, identifying the attack patterns from big multi-source data and recognizing the abnormal from visual clutter are still challenges. In this paper, a novel visualization system, NetSecRadar, is proposed for network security situational awareness based on multi-source logs, which can monitor the network and perceive the overall view of the security situation by using radial graph. NetSecRadar utilizes a hierarchical force-directed graph layout for arrangement of thousands of hosts to better use the available screen space, and provides the method to quantify the dangerous levels of the security events, and finds the correlations of security events generated by multi-source logs and perceives the patterns of abnormal in situational awareness, and synthesizes interactions, filtering and drill-down to understand the detail information. To demonstrate the system's capabilities, we utilize the VAST Challenge 2013 as case study.

Network Security Situational Awareness Information Visualization Radial graph

Fangfang Zhou, Ronghua Shi, Ying Zhao, Yezi Huang, Xing Liang

School of Information Science and Engineering, Central South University, Changsha, China

International conference

The 5th International Symposium on Cyberspace Safety and Security (CSS2013)

Zhangjiajie

English

403-416

2013-11-13 (date first published online on the Wanfang platform; does not represent the paper's publication date)