Please use this Handle URI to cite this document:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/55652

Full metadata record

| DC Field | Value | Language |
|---|---|---|
| dc.contributor.advisor | 孫雅麗 | |
| dc.contributor.author | Wei-Ru Dai | en |
| dc.contributor.author | 戴瑋如 | zh_TW |
| dc.date.accessioned | 2021-06-16T04:15:06Z | - |
| dc.date.available | 2019-08-25 | |
| dc.date.copyright | 2014-08-25 | |
| dc.date.issued | 2014 | |
| dc.date.submitted | 2014-08-20 | |
| dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/55652 | - |
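| dc.description.abstract | Network traffic is growing steadily as technology advances and spreads, which will inevitably bring more complex network activity and a rise in security attacks. How to store this massive volume of network traffic, retrieve it flexibly and quickly, and present it in a clear, human-readable form for security analysis has become a challenging problem. This thesis therefore proposes a cloud-based distributed processing system, NetActy (Network Activity Visualization System), which runs in a virtualized environment and adopts a design similar to the MapReduce parallel big-data processing architecture to help process large volumes of NetFlow data, using cloud technology and the platform's ability to allocate computing resources dynamically to quickly deploy the resources needed to meet computation deadlines. Because the ability to turn data into visual images quickly depends on how fast the data can be supplied, this thesis designs an in-memory hierarchical data structure, the BigIP Render Tree (BRT), to support fast visualization. It is designed for visualizing IP activity records, supports queries of network activity at CIDR, AS and country scope, and presents results in views that are fast, clear and human-readable. The system evaluation verifies that the system is scalable and that BRT construction and access perform well, allowing NetActy to respond to user queries quickly and in a timely manner with the corresponding data, so that the front end can present meaningful results to the user. | zh_TW |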
| dc.description.abstract | As the network volume grows rapidly, network activities and security problems are supposed to be more complicated. For security analysis, it is challenging to store the big volume of network traffic and access the data in real time. We propose a distributed processing system for a scalable cloud environment called NetActy System (Network Activity Visualization System). NetActy is built on top of a VM cluster, which can allocate computing resources flexibly and improve resource utilization. There are modules in NetActy that function like the MapReduce framework to process big data. In addition to this, NetActy is able to visualize and display hierarchical graph data in the user interface. We design an in-memory intermediate data structure called BigIP Render Tree (BRT). BRT provides IP-, CIDR-, AS- and country-level queries of network activities, and its in-memory design facilitates access to graph data. In a nutshell, NetActy is a system that provides queries and shows views of network communication activities easily, clearly and quickly. | en |
| dc.description.provenance | Made available in DSpace on 2021-06-16T04:15:06Z (GMT). No. of bitstreams: 1 ntu-103-R01725012-1.pdf: 3426753 bytes, checksum: 28f42a5b4dad51c2fcdc5159433f82d3 (MD5) Previous issue date: 2014 | en |
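| dc.description.tableofcontents | Acknowledgements; Chinese Abstract; English Abstract; Table of Contents; List of Figures; List of Tables; Chapter 1 Introduction (Section 1 Research Background, Section 2 Research Problem, Section 3 Research Contributions); Chapter 2 Related Work (Section 1 NetFlow, Section 2 Distributed Computing Frameworks); Chapter 3 System Model; Chapter 4 Network Communication Activity Visualization System; Chapter 5 BigIP Render Tree Design (Section 1 Overview, Section 2 Data Structure, Section 3 BRT Builder and BRT Merger Design, Section 4 BRT Construction Algorithm); Chapter 6 NetActy Functional Modules (Section 1 Query Manager, Section 2 Data Finder, Section 3 Display Manager); Chapter 7 Queries (Section 1 Query Syntax, Section 2 Query Fields); Chapter 8 Implementation (Section 1 Experimental Environment Setup, Section 2 Experimental Data, Section 3 System Query Time, Section 4 Query Manager Work Assignment Rules); Chapter 9 Evaluation (Section 1 Experiment Design, Section 2 Experiment Results); Chapter 10 Conclusions and Suggestions; References | |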
| dc.language.iso | zh-TW | |
| dc.subject | Virtualized environment | zh_TW |
| dc.subject | Cloud computing | zh_TW |
| dc.subject | Distributed system | zh_TW |
| dc.subject | NetFlow visualization | zh_TW |
| dc.subject | Big data processing | zh_TW |
| dc.subject | Distributed system | en |
| dc.subject | Cloud computing | en |
| dc.subject | Virtualized environment | en |
| dc.subject | NetFlow visualization | en |
| dc.subject | Big data | en |
| dc.title | Interactive Visualized Security Analysis System for Distributed Massive Network Traffic Data | zh_TW |
| dc.title | Interactive Visualized Security Analysis System of Large Distributed Network Flow Data | en |
| dc.type | Thesis | |
| dc.date.schoolyear | 102-2 | |
| dc.description.degree | Master's | |
| dc.contributor.oralexamcommittee | 陳孟彰,李漢銘,謝錫?,潘育群 | |
| dc.subject.keyword | Cloud computing, Distributed system, NetFlow visualization, Big data processing, Virtualized environment | zh_TW |
| dc.subject.keyword | Cloud computing, Distributed system, Big data, NetFlow visualization, Virtualized environment | en |
| dc.relation.page | 56 | |
| dc.rights.note | Paid license | |
| dc.date.accepted | 2014-08-20 | |
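| dc.contributor.author-college | College of Management | zh_TW |
| dc.contributor.author-dept | Graduate Institute of Information Management | zh_TW |
| Appears in department: | Department of Information Management | |

Files in this item:

| File | Size | Format | |
|---|---|---|---|
| ntu-103-1.pdf (not authorized for public access) | 3.35 MB | Adobe PDF |

All items in the system are protected by copyright, with all rights reserved, unless their copyright terms are specifically indicated otherwise.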
