A real-time network security visualization system based on incremental learning (ChinaVis 2018)

The real-time analysis of network data is of great significance to network security. Visualization technology and machine learning can assist in network data analysis from different aspects. However, there is little research regarding combining these two methods to process real-time network data. This paper proposes a novel real-time network security system. Combining unsupervised learning and visualization technology, it can identify network behavior patterns and provide a visualization module to adjust models interactively. The system is primarily divided into three parts. In the feature extraction part, we train a deep auto-encoder to compress the feature dimension. In the behavior pattern recognition part, normal and abnormal pattern SOINNs are trained incrementally. In visualization part, analysts can use multiple views to judge recognition results rapidly and adjust models so that the identification accuracy can be increased. We use the data in VAST Challenge 2013 to show that our system can identify network behavior patterns in real time and find the correlations between them.