Rule-tree detection and visualization of multi-step attacks

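Hu Liang1, Zhao Jianming1, Xie Nannan1, Nurbol2 (1. Department of Computer Science and Technology, Jilin University, Changchun 130012; 2. School of Information Science and Engineering, Xinjiang University, Urumqi 830046)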

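Abstract
In the field of network security visualization, the presentation of multi-step attack scenarios interacts insufficiently with log information, which makes it difficult for ordinary network security administrators to intuitively discover the characteristics of multi-step attacks from alert log information. This work implements a rule-tree-based tool for presenting multi-step attack scenarios: it applies the rule-tree method to describe multi-step attack behavior patterns, defines the template library in XML, designs a visualization model, and presents multi-step attack scenarios by comparing 2D vector graphics with 3D solid graphics and analyzing the respective advantages of each. Experiments verify the effectiveness of the tool and the soundness of its design.
Keywords
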
Multi-step attacks detected by rules tree and visualization

Hu Liang1, Zhao Jianming1, Xie Nannan1, Nurbol2 (1. Department of Computer Science and Technology, Jilin University, Changchun 130012, China; 2. School of Information Science and Engineering, Xinjiang University, Urumqi 830046, China)

Abstract
In the field of cyber security visualization, the visualization of multi-step attacks interacts poorly with logs, which makes it hard for network security administrators to find multi-step attacks using logs. In this paper, we present a multi-step attack visualization tool based on a rules tree. It describes the multi-step attack model with a rules tree, defines a template library in XML, and designs visualization models. It presents the multi-step attack scene by comparing vector visualization with three-dimensional visualization and identifies the advantages of each. Our experiments demonstrate the tool's validity and the soundness of its design.
Keywords
