Journal of Frontiers of Computer Science and Technology (计算机科学与探索), 2018, Vol. 12, Issue 5: 681-696. DOI: 10.3778/j.issn.1673-9418.1707064

• Survey and Exploration •

Research Advances on Network Security Logs Visualization

ZHANG Sheng1,2, ZHAO Jue1+, CHEN Rongyuan3

  1. Institute of Big Data and Internet Innovation, Hunan University of Commerce, Changsha 410205, China
  2. School of Information Science and Engineering, Central South University, Changsha 410083, China
  3. School of Computer, National University of Defense Technology, Changsha 410073, China
  • Online: 2018-05-01 Published: 2018-05-07


Abstract (from the Chinese): Against a backdrop of increasingly severe and complex network security situations and challenges, network security log visualization, an emerging interdisciplinary field, converts abstract data into visual figures, making it possible to analyze network security characteristics more intuitively, respond to network events in real time, perceive the network security situation from every angle, and improve the timeliness, effectiveness and controllability of network security techniques. This paper first analyzes the characteristics of traditional network security techniques and the existing problems of log analysis, and points out the necessity of visual analysis. It then defines the three elements (people, incidents, devices) and the process of network security log visualization, introduces figure techniques and categorizes them as basic, general and novel figures, providing directions for further research. It then focuses on five categories of log visualization analysis techniques, namely firewall, intrusion system, network traffic, host state and multi-source big data fusion, examining in depth the characteristics of their methods and their representative works. Finally, it offers an outlook on the essential direction of future visualization technology: people-oriented, with figures as the medium.

Key words: network security logs, data source, figure technology, visualization system, visual analysis

Abstract: With the incessant expansion and evolution of modern network security threats, the situation and challenges of network security are becoming increasingly severe and complicated. Network security logs visualization, a new interdisciplinary subject, can help users intuitively analyze network security features, respond to internet events in real time, and offer analysts 360-degree network security situation awareness by visualizing abstract network and security data. This paper first introduces the characteristics of the security equipment in operation and the drawbacks of current analysis, and points out the necessity of visual analysis. Next, this paper defines three elements (people, incident, device) and the process flow of network security visualization, and summarizes figure technology according to basic figures, general figures and novel figures, which provides a new line of thought for further research. Then, this paper focuses on discussing five network log visualization technologies and their respective representative works: the firewall, intrusion, network traffic, the host state and multi-source big data fusion. Finally, this paper prospects the essence of visualization technology in the future, that is, people-oriented and figure-mediated.
