Abstract
Analysis of threat-intelligence data is an important prerequisite for network security defence and for tracing the source of network attacks, but traditional analysis methods cannot adequately reflect the real situation of complex network data; only by fully combining expert analysis with interactive visualization can analysts be helped to better understand the complex association relationships in network data. Existing visualization work has several shortcomings: interaction is neither rich nor effective enough, node layout takes a long time, and the resulting graph layouts are poor. This thesis designs and implements an interactive association drill-down technique for multi-source heterogeneous threat-intelligence data. It uses visualization to present the information hidden in the data and the way threats develop, raising the efficiency with which security analysts interpret threat intelligence and thereby supporting decision making. The main work of the thesis includes the following:
(1) Summarize the requirements for visualizing threat intelligence: survey the work of well-known domestic and foreign threat-intelligence vendors and of academia on threat-intelligence visualization and analysis, and use it to optimize this thesis's visualization scheme with respect to multi-dimensional, multi-source heterogeneous data node layout and interaction strategy.
(2) Propose a layout algorithm for visualizing association relationships in threat-intelligence data: to handle the multi-dimensional, multi-source and heterogeneous nature of threat-intelligence data, a single-level force-directed layout algorithm is adopted, a simulated-annealing algorithm is introduced to effectively avoid useless node oscillation, and D3.js is used to implement interactive association drill-down and one-click traceability over multi-source heterogeneous data. The algorithm is improved in two respects: algorithm efficiency and layout quality.
(3) Build the threat-intelligence visualization system: the front end uses vue.js as the progressive framework for a data-driven web interface, vuex for state management, vue-router for route switching, vue-resource for data communication, WebSocket for full-duplex communication, D3.js for visualization and interaction, and element-UI for rapid component development.
Experimental results show that, through interactive association drill-down visual analysis, this thesis achieves layer-by-layer association drill-down of threat-intelligence data and asynchronous loading of multi-source heterogeneous data on a force-directed graph, and improves the efficiency with which the graph layout stabilizes by means of the force-directed annealing (Force-SA) algorithm.
Keywords: threat intelligence; visualization; association drill-down; force-directed annealing (Force-SA) algorithm
Visualization of Association Relationships Based on Threat Intelligence Base
Abstract
The analysis of threat intelligence is an important prerequisite for network security protection and network attack tracing. However, traditional analysis methods are not enough to reflect the real situation of complex network data. Only by combining expert analysis with interactive visualization technology can analysts be helped to better understand the complex relationships between network data. Existing visualization results are not rich and effective enough in their interaction, node layout takes a long time, and the layout of the graph is poor. In this paper, we design and implement interactive association drill-down technology for multi-source heterogeneous threat-intelligence data, and use visualization to show the implicit information in the data and the development of threats, so as to improve the efficiency with which security analysts interpret threat intelligence. The main work of the paper includes the following aspects:
(1) Summarize the visualization requirements of threat intelligence: investigate the research results of well-known threat-intelligence vendors and academics in threat-intelligence visualization and analysis technology, and optimize the thesis's visualization scheme in terms of multi-dimensional, multi-source heterogeneous data node layout and interaction strategy.
(2) Propose a visualization layout algorithm for threat-data association relationships: aiming at the multi-dimensional, multi-source, heterogeneous characteristics of threat-intelligence data, a single-level force-directed layout algorithm is adopted, a simulated annealing algorithm is introduced to effectively avoid useless node oscillation, and D3.js is used to implement interactive drill-down over heterogeneous data and a one-click traceability function. The algorithm is improved in two aspects: optimizing the layout effect and improving the efficiency of the algorithm.
(3) Build a threat-intelligence visualization system: the front end uses vue.js to build a data-driven progressive framework, vuex for state management, vue-router for path switching, vue-resource for data communication, WebSocket for full-duplex communication, D3.js for visual display and interaction, and element-UI for rapid development of components.
The experimental results show that this paper uses interactive association drill-down visual analysis technology to realize hierarchical association drill-down for threat-intelligence data, asynchronous loading of multi-source heterogeneous data on a force-directed graph, and improved stability of the graph layout by means of the Force-SA algorithm.
Key Words: Threat Intelligence; Visualization; Associated Drilling; Force-SA Algorithm
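The force-directed layout combined with simulated annealing described in item (2) above can be illustrated with a small self-contained JavaScript example. The code below is an added illustration written for this page; it is not the thesis's own implementation and it does not use D3.js. It assumes a Fruchterman-Reingold force model (every pair of nodes repels, every edge attracts), bounds each node's displacement per iteration by a temperature that cools geometrically, and adds a Metropolis acceptance rule that rejects late-stage moves which would raise the layout energy, which is what stops nodes from oscillating uselessly once the layout has settled. The node ids, edges, option names and helper functions are this example's own constructions.

```javascript
// Added example, not the thesis's code: force-directed layout with a cooling
// temperature and a simulated-annealing acceptance rule (Metropolis criterion).

// Constructed sample graph: two tightly related groups of indicators joined by
// a single relation. Ids are placeholders, not real intelligence data.
const SAMPLE_NODES = [
  { id: 'ioc-a1' }, { id: 'ioc-a2' }, { id: 'ioc-a3' },
  { id: 'ioc-b1' }, { id: 'ioc-b2' }, { id: 'ioc-b3' },
];
const SAMPLE_EDGES = [
  ['ioc-a1', 'ioc-a2'], ['ioc-a2', 'ioc-a3'], ['ioc-a3', 'ioc-a1'],
  ['ioc-b1', 'ioc-b2'], ['ioc-b2', 'ioc-b3'], ['ioc-b3', 'ioc-b1'],
  ['ioc-a1', 'ioc-b1'],
];

// Deterministic linear congruential generator so a layout is reproducible.
function makeRng(seed) {
  let s = seed >>> 0;
  return () => {
    s = (Math.imul(s, 1664525) + 1013904223) >>> 0;
    return s / 4294967296;
  };
}

// Euclidean distance with a floor so coincident nodes never divide by zero.
function distance(p, q) {
  return Math.max(Math.hypot(p.x - q.x, p.y - q.y), 0.01);
}

// Fruchterman-Reingold potential: edges act like springs (d^3 / 3k), all
// pairs repel (-k^2 ln d). The forces below are its negative gradient.
function energy(pos, edgeIdx, k) {
  let u = 0;
  for (const [i, j] of edgeIdx) u += distance(pos[i], pos[j]) ** 3 / (3 * k);
  for (let i = 0; i < pos.length; i++) {
    for (let j = i + 1; j < pos.length; j++) u -= k * k * Math.log(distance(pos[i], pos[j]));
  }
  return u;
}

function forceAnnealLayout(nodes, edges, opts = {}) {
  const { width = 400, height = 400, iterations = 300, seed = 7, cooling = 0.97 } = opts;
  const rand = makeRng(seed);
  const index = new Map(nodes.map((n, i) => [n.id, i]));
  const edgeIdx = edges.map(([a, b]) => [index.get(a), index.get(b)]);
  const k = Math.sqrt((width * height) / nodes.length); // ideal edge length
  let pos = nodes.map(() => ({ x: rand() * width, y: rand() * height }));
  let temperature = width / 10; // maximum displacement of a node per iteration
  const initialEnergy = energy(pos, edgeIdx, k);
  let current = initialEnergy;
  let rejected = 0;
  for (let it = 0; it < iterations; it++) {
    const disp = pos.map(() => ({ x: 0, y: 0 }));
    for (let i = 0; i < pos.length; i++) {          // repulsion between all pairs
      for (let j = i + 1; j < pos.length; j++) {
        const d = distance(pos[i], pos[j]);
        const f = (k * k) / d;
        const ux = (pos[i].x - pos[j].x) / d, uy = (pos[i].y - pos[j].y) / d;
        disp[i].x += ux * f; disp[i].y += uy * f;
        disp[j].x -= ux * f; disp[j].y -= uy * f;
      }
    }
    for (const [i, j] of edgeIdx) {                 // attraction along edges
      const d = distance(pos[i], pos[j]);
      const f = (d * d) / k;
      const ux = (pos[i].x - pos[j].x) / d, uy = (pos[i].y - pos[j].y) / d;
      disp[i].x -= ux * f; disp[i].y -= uy * f;
      disp[j].x += ux * f; disp[j].y += uy * f;
    }
    // Candidate layout: move each node along its net force, capped by the
    // temperature and clamped to the drawing area.
    const next = pos.map((p, i) => {
      const len = Math.max(Math.hypot(disp[i].x, disp[i].y), 0.01);
      const step = Math.min(len, temperature);
      return {
        x: Math.min(width, Math.max(0, p.x + (disp[i].x / len) * step)),
        y: Math.min(height, Math.max(0, p.y + (disp[i].y / len) * step)),
      };
    });
    const candidate = energy(next, edgeIdx, k);
    const delta = candidate - current;
    // Metropolis rule: always accept an improvement; accept a worse layout only
    // with probability exp(-delta / T), which vanishes as the system cools, so
    // settled nodes stop jittering instead of oscillating.
    if (delta <= 0 || rand() < Math.exp(-delta / temperature)) {
      pos = next;
      current = candidate;
    } else {
      rejected++; // keep the old positions; the smaller next step will retry
    }
    temperature *= cooling;
  }
  const positions = nodes.map((n, i) => ({ id: n.id, x: pos[i].x, y: pos[i].y }));
  return { positions, initialEnergy, energy: current, temperature, rejected, k };
}

// Helpers for inspecting a layout: mean distance over id pairs, and the pairs
// of nodes that are NOT connected by an edge.
function meanDistance(positions, pairs) {
  const byId = new Map(positions.map((p) => [p.id, p]));
  const total = pairs.reduce((s, [a, b]) => s + distance(byId.get(a), byId.get(b)), 0);
  return total / pairs.length;
}
function nonEdgePairs(nodes, edges) {
  const seen = new Set(edges.map(([a, b]) => [a, b].sort().join('|')));
  const out = [];
  for (let i = 0; i < nodes.length; i++) {
    for (let j = i + 1; j < nodes.length; j++) {
      const key = [nodes[i].id, nodes[j].id].sort().join('|');
      if (!seen.has(key)) out.push([nodes[i].id, nodes[j].id]);
    }
  }
  return out;
}
```

Running `forceAnnealLayout(SAMPLE_NODES, SAMPLE_EDGES)` under Node.js returns the final coordinates together with the initial and final energy, the final temperature and the number of rejected moves; on the sample graph the connected indicators end up noticeably closer to each other than unconnected ones. The `energy` and `rejected` values are convenient for tuning `cooling` and `iterations` on a real intelligence graph before wiring the positions into a D3.js rendering.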
Contents
Abstract (Chinese) I
Abstract II
1 Introduction 1
1.1 Background 1
1.2 Research Significance 2
1.3 Related Work 2
1.4 Main Research Content and Contributions 6
1.5 Thesis Structure 7
2 Threat Intelligence and Visualization Technology 8
2.1 Threat Intelligence: Concept and Research Status 8
2.1.1 Concept of Threat Intelligence 8
2.1.2 Research Status of Threat Intelligence 8
2.2 Graph Visualization: Concept and Problems 9
2.2.1 Concept of Graph Visualization 9
2.2.2 Problems Facing Graph Visualization 9
2.3 Survey of Graph Layout Algorithms 11
2.3.1 Aesthetic Criteria for Graph Layout 11
2.3.2 Single-Level Force-Directed Layout Algorithm 12
3 Implementation of the Association Relationship Visualization Layout Algorithm 15
3.1 Requirements Analysis for Visualizing Threat-Intelligence Association Relationships 15
3.2 Design of Threat-Intelligence Association Relationship Visualization 16
3.2.1 Visualization Framework for Threat-Intelligence Association Relationships 16
3.2.2 Reading Threat-Intelligence Data 17
3.2.3 Visualization Workflow for Threat-Intelligence Association Relationships 19
3.3 Implementation and Optimization of the Relationship Graph Layout Algorithm 20
3.3.1 Force-Directed Model 20
3.3.2 Simulated Annealing Algorithm 22
3.3.3 Optimization of the Force-Directed Annealing Algorithm 23
3.4 Design and Implementation of Dynamic Data Loading 25
4 Design of the Threat-Intelligence Visualization System 29
4.1 Functional Requirements Analysis of the Threat-Intelligence Visualization System 29
4.2 Framework Design of the Threat-Intelligence Visualization System 30
4.2.1 Design Principles 30
4.2.2 Platform Architecture Design 30
4.3 Technologies Used 32
4.3.1 Vue.js 32
4.3.2 Vuex 33
4.3.3 Vue-router 34
4.3.4 Vue-resource 35
4.3.5 WebSocket 35
4.3.6 D3.js 35
4.3.7 Element-UI 36
4.3.8 Vue-cli 36
5 Implementation and Testing of the Threat-Intelligence Visualization System 37
5.1 User Login Module 37
5.2 Intelligence Query Module 38
5.3 Visual Analysis Module 39
5.3.1 Implementation of Association Drill-Down 39
5.3.2 Implementation of One-Click Traceability 43
5.3.3 Force-Directed Annealing Algorithm Test 43
5.4 Intelligence Maintenance Module 44
5.4.1 Intelligence Import and Export 44
5.4.2 Adding Intelligence 45
5.5 Intelligence Statistics Module 46
6 Conclusion and Outlook 47
6.1 Summary of This Work 47
6.2 Outlook for Future Research 47
6.2.1 Limitations 47
6.2.2 Directions for Future Improvement 47
References 48
Acknowledgements 50