关键词: 网络安全日志, 数据源, 图技术, 可视化系统, 可视分析

Abstract: With the incessant expansion and evolution of modern network security threats, the situation and challenges of network security are becoming increasingly severe and complicated. Network security logs visualization, a new cross subject, can help users intuitively analyze network security features, respond to internet events in real-time, and offer analysts 360-degree network security situation awareness via visualizing abstract network and security data. This paper first introduces the characteristics of the running security equipment and the analysis drawbacks, and points out the necessity of visual analysis. Next, this paper defines three elements (people, incident, device) and the process flow of network security visualization, and summarizes the figure technology according to basic figure, general figure and novel figure, which provide a new thought for further research. Then, this paper focuses on discussing five network logs visualization technologies and their respective representative works: the firewall, intrusion, network traffic, the host state and multi-source big data fusion. Finally, this paper prospects the essence of visualization technology in the future, that is people-oriented and figure-mediumed.

Key words: network security logs, data source, figure technology, visualization system, visual analysis