Research and Implementation of a Map-Based Network Security Situation Display System
Abstract
Network situation visualization combines network security situation awareness with visualization technology, presenting the security situation information contained in a network to users in visual form; this intuitive display supports decision-making and enables the analysis and detection of abnormal network behaviour. The approach makes full use of the human brain's strength in processing images, improving the comprehensive analysis and understanding of the data and thereby achieving accurate control of the network security situation.
     Network security events carry many attributes, such as event type, time, and IP address. By mapping the IP addresses in network security situation information against an IP geolocation table, the approximate geographic region of each IP address can be obtained. Displaying the geographic location of security events in a reasonable way is of positive and important significance for network security situation awareness and for decision-makers formulating and communicating decisions. The core problems of this work are how to make full use of a map's advantages, presenting as much network security event information as possible in a reasonable way within the map's relatively limited area, and how to achieve through maps display effects that other display methods cannot.
     The main work of this paper is as follows:
     1. Introduces the state of research in network security situation visualization, electronic maps, and map-based network security situation display, and analyses and compares the methods and technical characteristics of map-based network security information display.
     2. Designs and proposes a map-based network security situation display model, and defines and designs the model's functions and submodules in detail. The model has three layers: a data processing layer, a data caching layer, and a display layer, covering all functions from raw data processing through caching to map-based display. It presents the network security situation from different perspectives (static, dynamic, historical, real-time, conventional, and distorted), helping decision-makers form an understanding of the situation from multiple angles.
     3. To solve the tangle (overlap) problem and the unreasonable allocation of map space that arise when the network security situation is displayed on conventional maps, proposes a network security information display algorithm based on distorted maps. Following the Area-By-Value idea, the algorithm deforms the map so that map area corresponds to the amount of network security data, removing the root cause of the tangle problem. A detailed implementation of the algorithm is given, and experimental analysis demonstrates its effectiveness.
     4. Designs and implements the map display subsystem of the Internet Security Index Calculation and Display System. The subsystem's main function is to publish periodic national network security index reports to the Internet. The architecture and functions of the display part were designed and implemented; the SuperMap geographic information system was chosen as the visualization platform, on which the system was built and its functions coded. The system is functionally complete, intuitive in its interface, and runs stably, meeting its design goals.
By combining network security situation awareness with visualization technology, network situation visualization presents the security situation information contained in a network in visual form. This direct presentation helps people make decisions and supports the analysis and detection of abnormal activity on the Internet. Taking advantage of the human brain's ability to process images, the method improves the aggregated analysis and understanding of data, so that the network security situation can be controlled much more accurately.
     Network security incidents have many attributes, such as type, time, and IP address. By mapping the IP addresses in network security situation information to a geographical IP address table, the approximate geographical location of each IP address can be obtained, which is not only important for network security situation awareness but also helps decision-makers make and convey decisions.
     This paper focuses on the core problems concerning maps: how to bring the advantages of maps fully into play, how to present as much network security incident information as reasonably possible in the relatively limited area of a map, and how to achieve through maps effects that other methods cannot.
     The main contributions of this paper are as follows:
     1. An introduction to recent research on the visualization of network security situation awareness, electronic maps, and map-based network security situation display, together with an analysis and comparison of the methods and technical characteristics of such displays.
     2. A map-based network security situation display model with three levels: the data processing level, the data buffering level, and the display level. The model realizes all functions from raw data processing through buffering to map-based display, and presents the network security situation from multiple aspects (static, dynamic, historical, real-time, traditional, and distorted), helping decision-makers understand the situation from different perspectives.
     3. A network security situation display algorithm based on distorted maps, built to solve the overlapping problem and the improper allocation of map space that arise in displays based on traditional maps. By deforming the map according to the Area-By-Value principle, the algorithm makes the area of each map region correspond to the amount of network security data it carries, so the root cause of the overlapping problem is removed. The paper gives a detailed realization of the algorithm and demonstrates its validity by experimental analysis.
     4. The map display subsystem of the Network Security Index Calculation and Display System. The subsystem's main function is the periodic publication to the Internet of the national network security index report; it realizes the architecture and features of the display part. The SuperMap geographical information system was chosen as the visualization platform, on which the system was built and implemented in code. With complete functionality, an intuitive interface, and stable operation, the subsystem has achieved its predetermined objective.
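As an added illustration (not code from the thesis) of the two steps the abstract describes, mapping event IP addresses to regions through an IP geolocation table and then deforming the map so that each region's area follows its event count (the Area-By-Value idea), the following Python uses a constructed IP range table, constructed events, and rough region areas; the floor that keeps empty regions visible is an assumption of this example, not a detail taken from the thesis.

```python
import bisect
import ipaddress
import math
from collections import Counter

# Constructed IP-to-region table (hypothetical ranges, sorted by start address).
IP_REGIONS = [
    ("10.0.0.0", "10.0.255.255", "Beijing"),
    ("10.1.0.0", "10.1.255.255", "Shanghai"),
    ("10.2.0.0", "10.2.255.255", "Guangdong"),
    ("10.3.0.0", "10.3.255.255", "Sichuan"),
]
_STARTS = [int(ipaddress.ip_address(s)) for s, _, _ in IP_REGIONS]
# Constructed base map areas (thousand km^2, rough) and constructed events.
BASE_AREAS = {"Beijing": 16, "Shanghai": 6, "Guangdong": 180, "Sichuan": 486}
EVENTS = [  # (event type, time, source IP)
    ("scan", "2008-05-01T10:00:00", "10.0.1.5"),
    ("scan", "2008-05-01T10:00:03", "10.0.2.9"),
    ("dos", "2008-05-01T10:01:00", "10.0.3.1"),
    ("worm", "2008-05-01T10:02:00", "10.1.0.7"),
    ("scan", "2008-05-01T10:03:00", "10.2.8.8"),
    ("scan", "2008-05-01T10:04:00", "192.168.1.1"),  # not in the table
]

def ip_to_region(ip):
    """Binary-search the range containing ip; None if no range matches."""
    n = int(ipaddress.ip_address(ip))
    i = bisect.bisect_right(_STARTS, n) - 1
    if i >= 0 and n <= int(ipaddress.ip_address(IP_REGIONS[i][1])):
        return IP_REGIONS[i][2]
    return None

def count_events_by_region(events):
    """Aggregate events into per-region counts, dropping unmappable IPs."""
    counts = Counter()
    for _etype, _time, ip in events:
        region = ip_to_region(ip)
        if region is not None:
            counts[region] += 1
    return counts

def area_by_value(base_areas, counts, floor=1):
    """Area-By-Value: target area proportional to event count (floored so empty
    regions stay visible), total area kept; returns {region: (target, scale)}."""
    total_area = sum(base_areas.values())
    weights = {r: max(counts.get(r, 0), floor) for r in base_areas}
    total_w = sum(weights.values())
    targets = {r: total_area * w / total_w for r, w in weights.items()}
    return {r: (t, math.sqrt(t / base_areas[r])) for r, t in targets.items()}
```

The linear scale factor is the square root of the area ratio, so applying it to a region's shape yields exactly the target area; regions with many events grow and sparse ones shrink, which is what removes the overlap of markers crowded into a small, busy region.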