Visual fusion of multi-source network security data based on labelled treemap

摘要

The security data generated in today's network are large-scaled, heterogeneous, and rapidly changing. As a result, the traditional methods fail to meet the needs of analysis on the security data. This paper proposes labelled treemap to visually fuse the multi-source network security logs. Firstly, data sources are classified at their collecting locations, and the objects of security data are taken from three different layers. Secondly, in order to solve the problem of insufficient attribute dimension of treemap, the Glyph is adopted to broaden the representation scope, which can make fusion at data-level on labelled treemap. Finally, by choosing the appropriate feature extraction algorithm for the multi-source data, fusion at feature-level is conducted on time-series diagrams, which can represent the network security situation. The analyses of the network security datasets from VAST Challenge 2013 prove this method having substantial advantages for network analysts to better understand network security situation, identify anomalies, discover attack pattern and remove the false positives, etc.