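To improve the efficiency and accuracy of IPS (intrusion prevention system) log analysis, a radial node-link diagram visual analysis method is proposed. To address the problems of classical node-link diagrams, in which nodes become crowded, levels become hard to distinguish, and space utilization is poor as the data volume grows, a new variant visualization technique, the radial node-link diagram, is designed by combining the advantages of node-link diagrams and radial diagrams. The IPS logs from the VAST 2013 Challenge competition are analyzed. The results show that, in a big-data environment, the technique can distribute nodes sensibly to distinguish IPS attributes of different dimensions, use visual filtering to reduce image density, and improve the layout algorithm to make good use of the display area and produce clustering in the graph; that the method can effectively perceive the network security situation and assist analysts in decision-making; and that the radial node-link diagram has strong capability in representing data dimensions and controlling business levels.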
In order to improve the efficiency and accuracy of intrusion prevention system (IPS) log analysis, a visualization analysis method based on the node-link diagram was proposed. To solve the problems of node congestion, hierarchy confusion and wasted space that the growth of data volume causes in conventional node-link diagrams, a new visualization technique, i.e. the radial node-link diagram, was designed, integrating the advantages of the node-link diagram and the radial diagram. In the environment of very large data, this technique can rationally arrange nodes to distinguish data dimensions, use visual filtering to reduce image occlusion, and improve the layout algorithm to make the best of the display area and generate graph clustering. The VAST Challenge 2013 competition data were analyzed. The results show that this new technique is useful for understanding the network situation and making decisions accordingly. Compared with the award-winning programs, this radial node-link diagram visualization technique also demonstrates better performance in displaying data dimensions and controlling the levels of operations.