Big data visualization is a hot topic in the field of information security. Many enterprises want to turn big data into visual forms of information in order to gain deeper insight, better decision-making power and stronger automated processing ability, so data visualization has become an important trend in network security technology.




List of articles

One, What is network security visualization
    1.1 Story + data + design = visualization
    1.2 Visual design process
Two, Case 1: Visual design of large-scale vulnerability perception
    2.1 Overall project analysis
    2.2 Analysis data
    2.3 Matching graphics
    2.4 Determine style
    2.5 Optimize graphics
    2.6 Inspection and test
Three, Case 2: Visual design of insect map in white environment
    3.1 Overall project analysis
    3.2 Analysis data
    3.3 Matching graphics
    3.4 Optimize graphics
    3.5 Inspection and test




One, What is network security visualization

Where does the attack start? What is its purpose? Which places are attacked most frequently? With a big data network security visualization map, we can answer these questions in seconds. This is the efficiency of visualization.
Visualization of big data network security not only makes it easier for us to perceive network data and identify risks quickly, it can also classify events and even predict attack trends. But how do we do it?

1.1 Story + data + design = visualization


Before visualizing, it is best to start with a question: why are you doing visualization, and what do you want to learn from it? Are you looking for cyclical patterns? Relationships between multiple variables? Outliers? Spatial relationships? For example, a government agency wants to know the distribution of vulnerabilities across industries nationwide, and which industry and which region has the most vulnerabilities. An enterprise wants to know about internal access, whether there is any malicious behavior, or the state of the enterprise's assets. In short, work out what the visual design is for, what story you want to tell, and who you are going to tell it to.



With a story in hand, you need to find the data and be able to process it. Figure 1 is a visualization reference model; it reflects a series of data conversion steps:

* We start with raw data. By standardizing and structuring the raw data, we organize it into data tables.

* Convert these values into visual structures (including shape, position, size, value, direction, color, texture, etc.) and show them visually. For example, high, medium and low risk are converted into red, yellow and blue, and a value is converted into a size.

* Combine the visual structures, convert them into graphics and pass them on to the user. Through human-computer interaction the user performs the reverse conversion, to better understand the problems and patterns behind the data.
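
The first two conversion steps above, as an added example that is not code from the original article: constructed vulnerability records are standardized into a table, aggregated per region, and mapped to color and size. The field names, the sample records, the "worst level wins" rule and the radius range are assumptions made for the illustration.

```javascript
// Added example: raw data -> data table -> visual structure.
// Sample records are constructed; field names are assumptions.
const RAW = [
  { region: " Beijing", industry: "finance", level: "HIGH" },
  { region: "beijing", industry: "energy", level: "low" },
  { region: "Shanghai", industry: "finance", level: "Medium" },
  { region: "Beijing", industry: "finance", level: "medium" },
  { region: "Shanghai", industry: "gov", level: "unknown" }, // invalid level
];

// The article's mapping: high, medium, low risk -> red, yellow, blue.
const LEVEL_COLOR = { high: "red", medium: "yellow", low: "blue" };
const LEVEL_RANK = { low: 1, medium: 2, high: 3 };

// Step 1: standardize raw records into rows of a data table,
// dropping rows whose level cannot be mapped.
function toTable(raw) {
  return raw
    .map((r) => ({
      region: String(r.region).trim().toLowerCase(),
      industry: String(r.industry).trim().toLowerCase(),
      level: String(r.level).trim().toLowerCase(),
    }))
    .filter((r) => r.level in LEVEL_COLOR);
}

// Step 2: aggregate per region and convert values into visual structures.
// Assumption: a region takes the color of its worst vulnerability level.
function toVisual(table, minR = 4, maxR = 20) {
  const byRegion = new Map();
  for (const row of table) {
    const g = byRegion.get(row.region) ||
      { region: row.region, count: 0, worst: "low" };
    g.count += 1;
    if (LEVEL_RANK[row.level] > LEVEL_RANK[g.worst]) g.worst = row.level;
    byRegion.set(row.region, g);
  }
  const groups = [...byRegion.values()];
  const max = Math.max(...groups.map((g) => g.count), 1);
  return groups.map((g) => ({
    region: g.region,
    count: g.count,
    color: LEVEL_COLOR[g.worst],
    // Square-root scale so circle area, not radius, tracks the count.
    radius: minR + (maxR - minR) * Math.sqrt(g.count / max),
  }));
}

console.log(toVisual(toTable(RAW)));
```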

Finally, we also have to choose a good visualization method. To understand relationships, for example, a network graph is recommended, or relationships can be expressed through distance: closely related items sit close together and distantly related items sit far apart.

In short, a good story, plenty of data to process and some design methods together make visualization.

1.2 Visual design process




A good process lets us get twice the result with half the effort. The visual design process mainly consists of analyzing the data, matching graphics, optimizing graphics, and inspection and testing. First, on the basis of understanding the requirements, analyze what data we want to show, including the metadata, the data dimensions and the viewing angle. Second, use visualization tools to produce various charts quickly from established chart types. Then refine the details, and finally inspect and test.

We analyze the process in detail through two cases.

Two, Case 1: Visual design of large-scale vulnerability perception



Figure 2 shows the distribution and trend of vulnerabilities across industries nationwide. Orange, yellow and blue represent vulnerability counts from high to low.

2.1 Overall project analysis


When we receive the project plan, we should neither be overwhelmed by the large amount of information nor rush to finish the project and design blindly without thinking. First, understand the customer's needs and extract keywords from the overall content. The core of visualization is refining the content: the more precisely the content is refined, the more compact the graphics and the more efficient the communication. Otherwise the structure becomes scattered and key information cannot be delivered to readers efficiently.


For the large-scale vulnerability perception visualization project, the customer's main requirement is to see the distribution and trends of vulnerabilities across industries nationwide. We can summarize this in three keywords: number of vulnerabilities, vulnerability changes and vulnerability level. These three keywords are the core of the data visualization design, and the overall graphic structure is built around them.






2.2 Analysis data


To show the data clearly, you first need to understand the data to be plotted: the metadata, the dimensions, the relationships between metadata, the data scale and so on. According to the requirements, the metadata we need to present is vulnerability events; the dimensions are geographical location, number of vulnerabilities, time, and vulnerability category and level; the viewing angle is mainly macro and relational. The visual elements involved are shape, color, size, position and direction, as shown in Figure 4.

2.3 Matching graphics






2.4 Determine style









When matching graphics, also consider the display platform. Because the customer views the result on a large screen, we analyzed the characteristics of a large screen: a huge area, a dark background, no user operation, and so on. Based on these characteristics, we brainstormed the design style: it is real-time and conveys tension; it needs new icons and animations with a sense of science and technology; the information levels are rich; and the data presented is authoritative.

Finally, according to the design style, dark blue was chosen as the standard color, representing technology and innovation. Orange, red and blue, representing vulnerability counts from high to low, are the auxiliary colors. The overall visual style follows the current mainstream flat design.

2.5 Optimize graphics


Once the graphics are chosen, try plotting the data on each dimension by attribute, and keep adjusting until the result is reasonable. Although this sounds simple, it is the most time-consuming and laborious stage. When there are too many dimensions, the information architecture has to be considered (broad and shallow, or narrow and deep), and then interactive navigation, to make the graphics more "visual".




In this task the drawing was revised many times. Figure 7 is the process draft of our design. A dark background, a highlighted map and multi-color attack animation effects create tension. Red, yellow and blue on the map show the distribution of high, medium and low risk vulnerabilities. Psychology holds that the top and the left draw attention most easily, so the "Z"-shaped visual presentation, "from top to bottom" and "from left to right", is concise and clear and highlights the key points.


After the first draft was completed, we further optimized the dimensions, the dynamic effects and the quantity. Dimension: each dimension has only one representation, which is clear and easy to understand. Dynamic effect: considering the control of time and emotion, it was changed from the original 1.5ms to 3.5ms. Quantity: considering how users feel when the display is too dense or too sparse, the radius of the circles is made a uniform size.

2.6 Inspection and test

Finally, we need to inspect and test. Go through everything from beginning to end: after the large screen is launched on site, is it convenient for users to read? Do the dynamic effects meet expectations, and is the color difference acceptable? And if we describe the big screen in one sentence, can users understand it?

Three, Case 2: Visual design of insect map in white environment



If you only have a simple spreadsheet (left), finding the access patterns of IPs, applications and ports in it can be time-consuming. After presenting the data as an insect map (right), the reader's understanding improves even though a lot of data has been added.

3.1 Overall project analysis


At present, enterprise IT systems are complex and changeable, and there is illegal and malicious behavior that cannot be finely controlled. How can security management problems be handled accurately? Our main goal is to help users monitor abnormal traffic accessing the core servers of the intranet. This can be summarized in 2 keywords: intranet assets and access relationships. The overall graphic structure is built around these two core points.

3.2 Analysis data

Next, analyze the data. The metadata in this case is events; the dimensions are time, source IP, destination IP and application; the viewing angle is mainly relational and micro.



3.3 Matching graphics


Based on past experience, chord diagrams and force-directed layouts are commonly used for data with relationships. At first we used a chord diagram, in which the dots inside are hosts and users need to pass 3 to find the association of events. Through testing we found that this was hard for users to understand, so the force-directed layout (insect map) was selected. The first level shows the overall relationships, and the second level drills down by IP or port to show the correlation further.

3.4 Optimize graphics

When optimizing graphics, we adjusted many details:

* Considering how users feel when the display is too dense or too sparse, we show only the TOP N.
* We optimized the curvature and color matching so that they are consistent with our UI style.
* An IP name is truncated when it is too long.
* In the micro perspective, the source and destination are distinguished by blue and purple respectively, and arrows are added to the lines: an inward arrow is the source and an outward arrow is the destination, which is convenient for users to understand.
* Interactively, users can drill through to the information for a single port and IP, and relevant information is highlighted when the mouse moves over it, which makes the picture look cooler and easier to read.
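
The data preparation behind these adjustments, as an added example that is not code from the original article: constructed access events (time, source IP, destination IP, application) are aggregated into weighted links, cut to the TOP N, and turned into node and link lists with truncated labels and the blue/purple source/destination colors. The field names, the default N, the label length and the rule that a host seen in both roles is drawn as a destination are assumptions.

```javascript
// Added example: access events -> TOP N node/link data for a
// force-directed layout. Events and field names are constructed.
const EVENTS = [
  { time: 1, src: "10.0.0.5", dst: "10.0.1.10", app: "ssh" },
  { time: 2, src: "10.0.0.5", dst: "10.0.1.10", app: "ssh" },
  { time: 3, src: "10.0.0.7", dst: "10.0.1.10", app: "mysql" },
  { time: 4, src: "10.0.0.5", dst: "10.0.1.10", app: "ssh" },
  { time: 5, src: "fe80:0000:0000:0000:0202:b3ff:fe1e:8329",
    dst: "10.0.1.20", app: "http" },
  { time: 6, src: "10.0.0.7", dst: "10.0.1.10", app: "mysql" },
  { time: 7, src: "10.0.0.9", dst: "10.0.1.20", app: "http" },
];

// Omit the tail of a name that is too long for a node label.
function shortLabel(name, max = 15) {
  return name.length > max ? name.slice(0, max - 3) + "..." : name;
}

function buildGraph(events, topN = 3) {
  // Aggregate events into one weighted link per (src, dst, app).
  const links = new Map();
  for (const e of events) {
    const key = [e.src, e.dst, e.app].join("|");
    const l = links.get(key) ||
      { source: e.src, target: e.dst, app: e.app, count: 0 };
    l.count += 1;
    links.set(key, l);
  }
  // Keep only the TOP N busiest links; ties are broken by source
  // address so the result is deterministic.
  const top = [...links.values()]
    .sort((a, b) => b.count - a.count ||
      (a.source < b.source ? -1 : a.source > b.source ? 1 : 0))
    .slice(0, topN);
  // Sources are blue, destinations purple; a host seen in both
  // roles is drawn as a destination (assumption).
  const nodes = new Map();
  const node = (id, color) => ({ id, label: shortLabel(id), color });
  for (const l of top) {
    if (!nodes.has(l.source)) nodes.set(l.source, node(l.source, "blue"));
    nodes.set(l.target, node(l.target, "purple"));
  }
  return { nodes: [...nodes.values()], links: top };
}

console.log(JSON.stringify(buildGraph(EVENTS), null, 2));
```

The `{ nodes, links }` shape with `source` and `target` holding node ids is what D3's `forceLink` accepts when it is given an id accessor.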











3.5 Inspection and test

User research showed that users are very clear about the traffic flow within the enterprise: the visual guidance is clear, drilling into information is convenient, and the optimization of color, dynamic effects and other details helps users locate problems quickly and improves the efficiency of security operations and maintenance.





Four, Summary

In short, with big data network security visual design, people can gain more intelligent insight into the state of information and network security, and respond more proactively and flexibly to new and complex threats and to unknown and changeable risks.

In the process of visual design, we also need to pay attention to: 1. overall consideration, looking after the whole; 2. matching of details and consistency; 3. a sense of beauty, symmetry and harmony.





Reprinted from: Green Alliance Technology Blog

Website link: http://blog.nsfocus.net/

Article link: http://blog.nsfocus.net/big-data-visualization/
