Article: Visual fusion of multi-source network security data based on labelled treemap Journal: International Journal of Networking and Virtual Organisations (IJNVO) 2016 Vol.16 No.3 pp.265 - 282 Abstract: The security data generated in today's network are large-scaled, heterogeneous, and rapidly changing. As a result, the traditional methods fail to meet the needs of analysis on the security data. This paper proposes labelled treemap to visually fuse the multi-source network security logs. Firstly, data sources are classified at their collecting locations, and the objects of security data are taken from three different layers. Secondly, in order to solve the problem of insufficient attribute dimension of treemap, the Glyph is adopted to broaden the representation scope, which can make fusion at data-level on labelled treemap. Finally, by choosing the appropriate feature extraction algorithm for the multi-source data, fusion at feature-level is conducted on time-series diagrams, which can represent the network security situation. The analyses of the network security datasets from VAST Challenge 2013 prove this method having substantial advantages for network analysts to better understand network security situation, identify anomalies, discover attack pattern and remove the false positives, etc. Inderscience Publishers - linking academia, business and industry through research

Title: Visual fusion of multi-source network security data based on labelled treemap

Authors: Sheng Zhang; Ronghua Shi

Addresses: School of Information Science and Engineering, Central South University, No. 605 Lushannan Street, Changsha, Hunan Province, China; Modern Educational Technology Center, Hunan University of Commerce, No. 569 Yuelu Street, Changsha, Hunan Province, China ' School of Information Science and Engineering, Central South University, No. 605 Lushannan Street, Changsha, Hunan Province, China

Abstract: The security data generated in today's network are large-scaled, heterogeneous, and rapidly changing. As a result, the traditional methods fail to meet the needs of analysis on the security data. This paper proposes labelled treemap to visually fuse the multi-source network security logs. Firstly, data sources are classified at their collecting locations, and the objects of security data are taken from three different layers. Secondly, in order to solve the problem of insufficient attribute dimension of treemap, the Glyph is adopted to broaden the representation scope, which can make fusion at data-level on labelled treemap. Finally, by choosing the appropriate feature extraction algorithm for the multi-source data, fusion at feature-level is conducted on time-series diagrams, which can represent the network security situation. The analyses of the network security datasets from VAST Challenge 2013 prove this method having substantial advantages for network analysts to better understand network security situation, identify anomalies, discover attack pattern and remove the false positives, etc.

Keywords: network security visualisation; multi-source security data; visual fusion; labelled treemaps; time series; feature extraction.

DOI: 10.1504/IJNVO.2016.079180

International Journal of Networking and Virtual Organisations, 2016 Vol.16 No.3, pp.265 - 282

Received: 07 Aug 2015
Accepted: 04 Oct 2015
Published online: 21 Sep 2016 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article

Title: Visual fusion of multi-source network security data based on labelled treemap

Keep up-to-date