To address the trend that NetFlow logs are growing ever larger and changing ever faster, making their management and analysis increasingly difficult, this work draws on the idea of network security visualization to build a visualization system that analyzes NetFlow logs by combining time series charts with treemaps (the 2T graph system for short), in order to identify attacks and anomalous events in the network quickly and effectively and to grasp the network security situation. The system focuses on the information entropy of six feature dimensions in the NetFlow log: it builds time series charts to track the network state at the macro level, and introduces treemaps to mine intrusion details in depth. The system also creates image feature rules so that attacks can be analyzed intuitively from the images and patterns of interest discovered. Analysis of the VAST Challenge 2013 network security visual analytics competition data shows that the system can intuitively perceive the network security state at both the macro and micro levels, effectively identify network attacks, and support analysts' decision-making.
Considering that the management and analysis of the NetFlow log are becoming more difficult because of the NetFlow log's increase in size and rate of change, a visualization system for analysis of the NetFlow log, using time series charts combined with treemaps according to the concept of network security visualization, was constructed to quickly and effectively identify network attacks and abnormal events in networks. By focusing on the information entropy of six feature dimensions, the system can oversee the network security situation through the time series charts. At the same time, it can drill down into the details of an intrusion by using the treemap. The system also uses image feature rules to construct visual figures for attack analysis and pattern exploration. Through the analysis of the VAST Challenge 2013 competition data on this system, it was shown that the system can intuitively capture the network security status at the macro and micro levels, as well as effectively identify network attacks and support decision-making.
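As an added illustration of the entropy-based time series the abstract describes (example code, not from the paper or its system): normalised Shannon entropy of six NetFlow feature dimensions is computed per time window over constructed flow records, and windows whose entropy moves sharply against a baseline window are reported. The six feature names, the window size and the threshold are assumptions; the abstract does not list them.

```python
import math
from collections import Counter, defaultdict

# The six NetFlow feature dimensions whose entropy is tracked. The abstract
# does not list them; this choice is an assumption for the example.
FEATURES = ("src_ip", "dst_ip", "src_port", "dst_port", "protocol", "bytes")

def shannon_entropy(values):
    """Shannon entropy of a symbol list, normalised by log2(n) to [0, 1]:
    0 = every record shares one value, 1 = every record has a distinct value."""
    n = len(values)
    if n <= 1:
        return 0.0
    h = -sum(c / n * math.log2(c / n) for c in Counter(values).values())
    return h / math.log2(n)

def entropy_series(flows, window_s=60):
    """Bucket flows into fixed windows; return {window_start: {feature: H}},
    i.e. one time series per feature dimension (the macro view)."""
    buckets = defaultdict(list)
    for f in flows:
        buckets[f["ts"] - f["ts"] % window_s].append(f)
    return {start: {k: shannon_entropy([f[k] for f in buckets[start]]) for k in FEATURES}
            for start in sorted(buckets)}

def entropy_shifts(series, baseline_start, threshold=0.5):
    """Per window, the features whose entropy moved more than `threshold` from the
    baseline window. A collapse of src_ip/dst_ip entropy while dst_port entropy
    stays high is the characteristic shape of a single-source port scan."""
    base = series[baseline_start]
    out = {}
    for start, ent in series.items():
        if start == baseline_start:
            continue
        moved = {k: round(ent[k] - base[k], 3) for k in FEATURES
                 if abs(ent[k] - base[k]) > threshold}
        if moved:
            out[start] = moved
    return out

def flow(ts, s, d, sp, dp, proto, nbytes):
    return dict(ts=ts, src_ip=s, dst_ip=d, src_port=sp, dst_port=dp, protocol=proto, bytes=nbytes)

# Constructed sample: a mixed first minute, then one host probing ports 1-8 of one target.
FLOWS = [flow(5, "10.0.0.1", "192.0.2.10", 40000, 443, "tcp", 1500),
         flow(12, "10.0.0.2", "192.0.2.20", 40001, 80, "tcp", 800),
         flow(30, "10.0.0.3", "192.0.2.30", 40002, 53, "udp", 120),
         flow(48, "10.0.0.4", "192.0.2.40", 40003, 22, "tcp", 3000)]
FLOWS += [flow(60 + p, "10.0.0.9", "192.0.2.50", 50000 + p, p, "tcp", 60) for p in range(1, 9)]
```

Calling `entropy_shifts(entropy_series(FLOWS), baseline_start=0)` reports the second window with src_ip, dst_ip and bytes entropy dropping by 1.0 while src_port and dst_port entropy stay at 1.0, the pattern an analyst would then drill into with the treemap.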