Cloud computing information security visualization system based on trust computing
Technical field
The present invention relates to field of information security technology, in particular to cloud computing information security based on trust computing
Visualization system.
Background technology
In recent years, social informatization constantly advances.Network application is more and more extensive, and network security problem is the most prominent
Go out sternness.Network security visualization the most also becomes a field the most concerned, utilizes the visual characteristic of people, will
The form of data graphically image represents, the information that user can be contained in more intuitive understanding data so that network management
Safety problem present in network is judged by person, thus network condition is made analysis.
About the concept of trust computing, give defined below in ISO/IEC 15408 standard: one believable group
The behavior of part, operation or process is predictable under any operating condition, and can resist application software, virus well
And the destruction that certain Physical Interference causes.The basic ideas of trust computing be introduce safety chip on a hardware platform (can
Letter console module) improve the safety of terminal system, say, that on each terminal platform, implant a root of trust, allow meter
Calculation machine to operating system nucleus layer, more all builds trusting relationship from BIOS to application layer;Based on this, expand on network,
Set up corresponding trust chain, hence into the computer immunity epoch.When terminal is under attack, self-protection, oneself can be realized
Management and self-recovery.
Trust computing is that behavior safety is given birth to.According to China information security expert described in " software action " book, OK
Should include for safety: the confidentiality of behavior, the integrity of behavior, the feature such as verity of behavior, in terms of military posture map, existing
Study confidentiality and the verity of how guarantee information in the more formula of people, but for the integrity of behavior, especially may be used
All the time there is many deficiencies in the complete information depending on changing.
Summary of the invention
It is an object of the invention to provide cloud computing information security visualization system based on trust computing, above-mentioned to solve
Problem.
For solving above-mentioned technical problem, the technical solution used in the present invention is:
Cloud computing information security visualization system based on trust computing, it is characterised in that include the information being sequentially connected with
Data-mining module, reliable information pretreatment module, information storage module and information analysis based on credible integrity and displaying
Module;
Described information data excavates module, and certification carries out the hardware node in the network of information, it is judged that the network hardware
Node credibility, sets up the trusting relationship of gathered information, obtains by the way of capturing network packet in LAN
Original information data, described original information data include between IP sensitive information send detection data, mail-detection daily record data and
Three kinds of data types of distributed denial of service attack data;
Described reliable information pretreatment module, carries out Data Dimensionality Reduction, identify and classify pretreatment, shape to original information data
Becoming measurable quantized data, the structure for global trust environment provides basis;
Described information storage module, by storage after pretreated information data encryption to the corresponding position of cloud storage resource pool
In putting, excavate module by information data, reliable information pretreatment module builds trust data platform jointly, and in trust data
The secure and trusted realizing data on the basis of platform stores, and builds global trust environment;Described trust data platform also includes can
Letter software system, described trusted software system provides the interface using trust data platform for operating system and application software, with
Time provide integrity measurement to described trust data platform subsequent software, and the specific behavior of uncontrollable operating system is gone
For audit and analysis;Described subsequent software includes that core loads software and uncontrollable operating system software;Described information data is dug
Pick module is the starting point of chain-of-trust, and described information data excavates module, reliable information pretreatment module, information storage module and base
Information analysis and display module in credible integrity generate and collectively form chain-of-trust, above-mentioned each system be provided with 3G module and
Data transmit-receive application program, data are transmitted by 3G module, after 3G module powers on, described trust data platform carry out on
Electro-detection;
Described information analysis based on credible integrity and display module, at the trust data platform base built
On realize the extraction of information, analyze and show, provide visual trust data and figure to show for management personnel, it includes postal
Part contact relation analysis shows that submodule, daily record number of times distributional analysis show that between submodule, IP, information sends relation analysis displaying
Submodule, sensitive email relaying path analysis and show submodule and distributed denial of service attack data analysis and show submodule
Block, particularly as follows:
(1) submodule is shown in mail contact relation analysis, for the mail-detection daily record of storage in cloud storage resource pool
Data carry out extracting, analyze, process, and show a certain specify the time period in the sensitive mail contact relation that detects;Described postal
Part contact relation analysis shows that submodule enables users to interact with interface by the calendar on design optional date, user
Can arbitrarily select the time period to be checked, the following operation of concrete execution:
The time period selected according to user, the data in cloud storage resource pool are chosen by system, after choosing data
With the form of dictionary, data are stored, through data being analyzed process, according to the transmitting-receiving corresponding relation of sensitive mail
Generate corresponding matrix data model;Subsequently, by the form of chord figure, the transmitting-receiving of mail sensitive in the selected time period is closed
System carries out visual presentation, and each different mailboxes are distributed in circle around, show email address at circular outside profile, if
Having the transmission relation of sensitive information between different mailboxes, just do ribbon lines between two mailboxes, lines are thick
One side represents the sender of mail, and the thin side of lines represents the recipient of mail;
(2) submodule is shown in the distributional analysis of daily record number of times, for carrying out according to time period and the daily record quantity that detects
Classification and statistics, and show by the form of dendrogram, particularly as follows:
(2-1) log data set W of reception is divided into n time subset, i.e. W={W1, W2 according to the time period ...,
Wj ..., Wn};
(2-2) be manually set m daily record quantitative levels, by each time subset Wj divide m level subset, i.e. W1j,
W2j、…、Wij、…、Wmj;
(2-3) with log data set W as root, Wj is ground floor node, and Wij is second layer joint structure tree TW;
(2-5) calculating the value of each node in tree TW, wherein the value of leaf node is the value of this data element, non-
The value of leaf node is equal to the value sum of all child nodes of its lower floor, and so far log data set W has been configured to a tree-shaped
Data structure;
(2-6) dendrogram that the tree data structure of generation is mapped as on two dimensional surface;
(3) between IP, information sends relation analysis displaying submodule, for being pointed to the IP of cloud storage resource pool relevant position
Between sensitive information send detection data carry out extracting, analyze, statistical disposition, shown by visual presentation form and interface alternation
Sensitive information between IP different in certain period of time sends incidence relation;Between described IP, information sends relation analysis displaying
Module use the time period select mechanism and scatterplot layout exhibition method, use joint form presentation-entity, lines presentation-entity it
Between contact, represent that information between IP sends the degree of strength of incidence relation with size of node, have according to mouse click event
Optionally carry out level displaying;Mouse-over there will be the details of correspondent entity, described details bag on node
Including ID, discovery time, click entity can select all IP related with selected node;It is provided with search engine simultaneously
System, the IP related information that user wants to check by inputting a certain IP to select;
The transmitting-receiving corresponding relation of described mail is obtained, particularly as follows: first pass through solution by the TCP closure obtaining mail
The network packet that analysis obtains, obtains including source IP address, purpose IP address, source port, destination interface, the information of serial number,
And with four-tuple 1{ source IP address, source port, purpose IP address, destination interface and the IP address of four-tuple 2:{ mesh, destination
Mouthful, source IP address, source port indicate the both direction that TCP connects respectively, then by the application layer data of network packet according to
Serial number sequentially writes in the journal file corresponding with TCP closure.
(4) sensitive email relaying path analysis and displaying submodule, for by analyzing and processing statistics mail-detection daily record
Detection data in data and email relaying relation, show the road that a certain specific mail is forwarded between different mailboxes
Footpath, particularly as follows:
First, user inputs the key word contained by mail header to be searched for or mail header, system in search box
According to key word, mail header all of in mail record data is carried out fuzzy matching retrieval, if not retrieving defeated with user
Enter the mail matched, then send information reminding user and re-enter;If being successfully retrieved relative recording, result just will be retrieved
Showing user with the form of Table content, be that the title of each mail adds Cl ick event simultaneously, user clicks on target postal
The title of part, backstage again carries out retrieval coupling, finds the forwarding record of this mail according to mail selected by user to mail record,
And the article receiving and sending people every time forwarded is carried out statistic record with the form of dictionary, the data required for structure visual presentation;?
After, show that the forward-path of mail is presented to user and provides interactive function with the form of a stacking dendrogram, if certain postal
Case is afterbody recipient, then the summit of tree diagram is hollow display, if this email relaying is also given additionally by this mailbox
One or several mailboxes, then the tree diagram node representing this mailbox is set to solid;Described Table content include mail ID,
Mail header, mail time, mail originator and Email attachment number;
(5) distributed denial of service attack data analysis and displaying submodule, be used for extracting, analyze and show distributed refusing
Service attack data absolutely, particularly as follows:
(5-1) distributed denial of service attack data analysis and displaying submodule are from the relevant position of cloud storage resource pool
Extracting distributed denial of service attack data, use Hash table to store, in Hash table, keyword uses character string forms, word
Symbol string forms by source IP, port numbers and according to the time label three selected by the time interval of user's setting, appoints in these three
Anticipating when a newly-built element occurs different and newly-built element will be inserted in Hash table, each element is table in graphical
Showing a node, the relation representing and being connected between main frame, the value that in Hash table, keyword is corresponding represents that this time connects communication
Data total amount in activity;
(5-2) calculate the coordinate figure of all nodes, and then the point with coordinate information is drawn, and according to different need
Ask carry out time interval, the adjustment of unit radius parameter that figure shows, the principle followed when wherein drawing is: host node
With the line different colours between Centroid represents the size of amount of communication data in time interval, enter according to certain coefficient
Row maps;Host node is made up of some concentric circulars, and the contrast intensity of color represents the port number related in this connection
Amount.
Preferably, it is characterised in that described reliable information pretreatment module includes Data Dimensionality Reduction unit, data identification unit
And data sorting unit, the structure for global trust environment provides basis, particularly as follows:
(1) Data Dimensionality Reduction unit, for using the PCA of improvement to eliminate the redundancy between original information data, fall
The dimension of low original information data, particularly as follows:
1) N bar original information data to be analyzed is extracted, as matrix X=[x1,x2,…,xN], wherein xiBe i-th former
Beginning information data;
2) meansigma methods of N bar original information data is solved:
3) the covariance matrix A of N bar original information data is solved:
4) according to its main component element of eigenvalue calculation of covariance matrix A:
Aδi=μiδi
Wherein μi, δiIt is respectively eigenvalue and characteristic of correspondence vector;
5) according to given precision ρ, by numerical computation method, front M eigenvalue of maximum is solved:
Wherein, the span of M is
6) front M eigenvalue of maximum and characteristic of correspondence vector, order are taken
Φ=[δ1,δ2,…,δM], Γ=diag (μ1,μ2,…,μM)
Then there is A Φ=Φ Γ;
7) the new matrix Y=Φ of low-dimensional vector composition is calculatedTX;
(2) data identification unit, for the original information data after reducing dimension is identified detection, removes uncorrelated
Information data, obtain relevant information data;
(3) data sorting unit, for classifying according to data type to relevant information data.
Preferably, described data identification unit includes being identified distributed denial of service attack data, particularly as follows:
1) the n bar original information data matrix after dimensionality reduction is set as Y '=ΦTX ', wherein X '=[x1,x2,…,xn], xj∈
X ', selection Db3 small echo is as analysis wavelet, and selects maximum decomposition scale, uses decomposition algorithm to carry out wavelet decomposition Y ' and obtains
To matrix of wavelet coefficients, when j≤out to out, from matrix of wavelet coefficients, extract high frequency coefficient, calculate the variance of little coefficient
After Ψ, according to [j, log2Ψ] fitting a straight line tries to achieve slope k, thus solves self similar parameter Hurst value H of network traffics:
H=(k-1)/2
2) the Hurst changing value Δ H=H the most in the same time tried to achieve by analysist-Ht-1, set threshold T, if Δ H >
T, it is determined that distributed denial of service attack occurs, preserves corresponding original information data;If Δ H≤T, it is determined that distributed refusal takes
Business is attacked and is not sent, and removes corresponding original information data.Technical scheme disclosed by the invention can include following useful effect
Really:
1, Data Dimensionality Reduction unit, data identification unit and data sorting unit are set in reliable information pretreatment module,
Original information data is carried out dimensionality reduction, identifies and classification process, thus realize different types of data are stored in cloud storage money
In the diverse location in pond, source, it is beneficial to information analysis based on credible integrity and the display module extraction to corresponding data, enters one
Step improves the speed of service of system;
2, utilize visual technology, be directed in network security detecting system sensitive information type in the network captured
And transmission situation etc. carries out visual displaying, from five different angles, network security detection data are analyzed and open up
Show, be that between the contact relation analysis displaying between each mailbox of the sensitive mail, IP and IP, sensitive information sends relation respectively
Analyse from visual presentation, be directed to the analysis displaying of a certain specific mail forward-path between different mailboxes, daily record number of times
Distributional analysis is shown with displaying and distributed denial of service attack data analysis, it is possible to provide accurately, in all directions in network
Security log information, improves the credible integrity degree of whole system;
3, in submodule is shown in daily record number of times distributional analysis, construct one and be simultaneously based on daily record issuing time section sum
The laminar dendrogram of amount grade, user can intuitively arrive according to issuing time and issue quantity and check that situation is issued in daily record;
Show in submodule in mail contact relation analysis, by resolving and restructuring network packet, complete TCP can be obtained and connect letter
Breath, and use stacking dendrogram to be shown, enable users to check that targeted mails is without the forwarding between mailbox clear and intuitively
Situation, to facilitate management personnel to make corresponding judgement and decision-making;
4, distributed denial of service attack data analysis is with displaying submodule, signs based on the time and carries out distributed refusal clothes
The extraction of business attack data, and the principle of graphic plotting is proposed, focus is concentrated on the conditioned basic of attack, and is not
Monitoring when attacking after assailant has possessed all conditions and display, and can be to distributed denial of service attack pattern
Carry out various dimensions to show, it addition, according to the adjustment of the different unit radius parameters that demand carries out time interval, figure shows, carry
The performance that high user is mutual.
It should be appreciated that it is only exemplary that above general description and details hereinafter describe, can not be limited this
Open.
Accompanying drawing explanation
Fig. 1 is the connection diagram of each module of the present invention;
Reference:
Information data excavates module 1, reliable information pretreatment module 2, information storage module 3, based on credible integrity
Information analysis and display module 4, Data Dimensionality Reduction unit 21, data identification unit 22, data sorting unit 23, contact relation analysis
Show that submodule 41, daily record number of times distributional analysis are shown between submodule 42, IP that information sends relation analysis and shown submodule 43, quick
Sense email relaying path analysis and displaying submodule 44, distributed denial of service attack data analysis and displaying submodule 45.
Accompanying drawing herein is merged in description and constitutes the part of this specification, it is shown that meet the enforcement of the present invention
Example, and for explaining the principle of the present invention together with description.
Detailed description of the invention
Below by specific embodiment and combine accompanying drawing the present invention is described in further detail.
Seeing Fig. 1, the present embodiment cloud computing based on trust computing information security visualization system, including be sequentially connected with
Information data excavates module 1, reliable information pretreatment module 2, information storage module 3 and information analysis based on credible integrity
With display module 4;
Described information data excavates module 1, and certification carries out the hardware node in the network of information, it is judged that the network hardware
Node credibility, sets up the trusting relationship of gathered information, obtains by the way of capturing network packet in LAN
Original information data, described original information data include between IP sensitive information send detection data, mail-detection daily record data and
Three kinds of data types of distributed denial of service attack data;
Described reliable information pretreatment module 2, carries out Data Dimensionality Reduction, identify and classify pretreatment to original information data,
Forming measurable quantized data, the structure for global trust environment provides basis;
Described information storage module 3, storage after pretreated information data encryption is corresponding to cloud storage resource pool
In position, excavate module by information data, reliable information pretreatment module builds trust data platform jointly, and credible
The secure and trusted realizing data on the basis of data platform stores, and builds global trust environment;Described trust data platform also wraps
Including trusted software system, described trusted software system provides for operating system and application software and uses connecing of trust data platform
Mouthful, described trust data platform subsequent software is provided integrity measurement, and the specific behavior to uncontrollable operating system simultaneously
Carry out behavior auditing and analysis;Described subsequent software includes that core loads software and uncontrollable operating system software;Described information
Data-mining module is the starting point of chain-of-trust, and described information data excavates module, reliable information pretreatment module, information storage mould
Block and information analysis based on credible integrity generate with display module and collectively form chain-of-trust, and above-mentioned each system is provided with 3G
Module and data transmit-receive application program, data are transmitted by 3G module, after 3G module powers on, by described trust data platform
Carry out upper electro-detection;
Described information analysis based on credible integrity and display module 4, at the trust data platform base built
Realizing the extraction of information on plinth, analyze and show, provide visual trust data and figure to show for management personnel, it includes
Mail contact relation analysis shows that submodule 41, daily record number of times distributional analysis show that between submodule 42, IP, information sends relation
Analysis is shown submodule 43, sensitive email relaying path analysis and shows submodule 44 and distributed denial of service attack data analysis
With show submodule 45, particularly as follows:
(1) submodule 41 is shown in mail contact relation analysis, for the mail-detection day of storage in cloud storage resource pool
Will data carry out extracting, analyze, process, and show a certain specify the time period in the sensitive mail contact relation that detects;Described
Mail contact relation analysis shows that submodule 41 enables users to interact with interface by the calendar on design optional date, uses
Family can arbitrarily select the time period to be checked, the following operation of concrete execution:
The time period selected according to user, the data in cloud storage resource pool are chosen by system, after choosing data
With the form of dictionary, data are stored, through data being analyzed process, according to the transmitting-receiving corresponding relation of sensitive mail
Generate corresponding matrix data model;Subsequently, by the form of chord figure, the transmitting-receiving of mail sensitive in the selected time period is closed
System carries out visual presentation, and each different mailboxes are distributed in circle around, show email address at circular outside profile, if
Having the transmission relation of sensitive information between different mailboxes, just do ribbon lines between two mailboxes, lines are thick
One side represents the sender of mail, and the thin side of lines represents the recipient of mail;
(2) submodule 42 is shown in the distributional analysis of daily record number of times, for entering according to time period and the daily record quantity that detects
Row classification and statistics, and show by the form of dendrogram, particularly as follows:
(2-1) log data set W of reception is divided into n time subset, i.e. W={W1, W2 according to the time period ...,
Wj ..., Wn};
(2-2) be manually set m daily record quantitative levels, by each time subset Wj divide m level subset, i.e. W1j,
W2j ..., Wij ..., Wmj, wherein the span of m is [4,8];
(2-3) with log data set W as root, Wj is ground floor node, and Wij is second layer joint structure tree TW;
(2-5) calculating the value of each node in tree TW, wherein the value of leaf node is the value of this data element, non-
The value of leaf node is equal to the value sum of all child nodes of its lower floor, and so far log data set W has been configured to a tree-shaped
Data structure;
(2-6) dendrogram that the tree data structure of generation is mapped as on two dimensional surface;
(3) between IP, information sends relation analysis displaying submodule 43, for being pointed to cloud storage resource pool relevant position
Between IP sensitive information send detection data carry out extracting, analyze, statistical disposition, by visual presentation form and interface alternation exhibition
Sensitive information between IP different in showing certain period of time sends incidence relation;Between described IP, information sends relation analysis displaying
Submodule 43 uses the time period to select mechanism and scatterplot layout exhibition method, uses joint form presentation-entity, and lines represent real
With size of node, contact between body, represents that between IP, information sends the degree of strength of incidence relation, according to click thing
Part selectively carries out level displaying;Mouse-over there will be the details of correspondent entity, described detailed letter on node
Breath includes that ID, discovery time, click entity will select all IP related with selected node, and only display should
Sub-network figure, the most also shows its corresponding relation sending information with the form of word;It is provided with search mechanisms, user simultaneously
The IP related information that a certain IP selects to want to check can be inputted;
(4) sensitive email relaying path analysis and displaying submodule 44, for by analyzing and processing statistics mail-detection day
Detection data in will data and email relaying relation, show the road that a certain specific mail is forwarded between different mailboxes
Footpath, particularly as follows:
First, user inputs the key word contained by mail header to be searched for or mail header, system in search box
According to key word, mail header all of in mail record data is carried out fuzzy matching retrieval, if not retrieving defeated with user
Enter the mail matched, then send information reminding user and re-enter;If being successfully retrieved relative recording, result just will be retrieved
Showing user with the form of Table content, be that the title of each mail adds Click event simultaneously, user clicks on target postal
The title of part, backstage again carries out retrieval coupling, finds the forwarding record of this mail according to mail selected by user to mail record,
And the article receiving and sending people every time forwarded is carried out statistic record with the form of dictionary, the data required for structure visual presentation;?
After, show that the forward-path of mail is presented to user and provides interactive function with the form of a stacking dendrogram, if certain postal
Case is afterbody recipient, then the summit of tree diagram is hollow display, if this email relaying is also given additionally by this mailbox
One or several mailboxes, then the tree diagram node representing this mailbox is set to solid;
(5) distributed denial of service attack data analysis with show submodule 45, be used for extracting, analyze and show distributed
Denial of Service attack data, particularly as follows:
1) distributed denial of service attack data analysis and displaying submodule 45 are from the relevant position of cloud storage resource pool
Extracting distributed denial of service attack data, use Hash table to store, in Hash table, keyword uses character string forms, word
Symbol string forms by source IP, port numbers and according to the time label three selected by the time interval of user's setting, appoints in these three
Anticipating when a newly-built element occurs different and newly-built element will be inserted in Hash table, each element is in the future graphical
Being all a node in expression, the relation representing and being connected between main frame, the value that in Hash table, keyword is corresponding represents this time
Connect the data total amount in communication activity;
2) calculate the coordinate figure of all nodes, and then the point with coordinate information is drawn, and according to different demands
Carry out time interval, the adjustment of unit radius parameter that figure shows, the principle followed when wherein drawing is: host node and in
Line between heart node represents the size of amount of communication data in time interval, maps according to certain coefficient, and communicate number
Representing according to amount different colours, the expression amount of communication data that color is red is bigger;Host node is made up of some concentric circulars, face
The contrast intensity of color represents the port number related in this connection.
Wherein, described reliable information pretreatment module 2 includes that Data Dimensionality Reduction unit 21, data identification unit 22 and data are divided
Class unit 23, particularly as follows:
(1) Data Dimensionality Reduction unit 21, for use the PCA of improvement eliminate between original information data superfluous
Remaining, reduce the dimension of original information data, the PCA of described improvement is:
1) N bar original information data to be analyzed is mentioned, as matrix X=[x1,x2,…,xN], wherein xiBe i-th former
Beginning information data;
2) meansigma methods of N bar original information data is solved:
3) the covariance matrix M of N bar original information data is solved:
4) according to the eigenvalue problem calculating main component element of covariance matrix A:
Aδi=μiδi
Wherein μi, δiIt is respectively eigenvalue and the characteristic of correspondence vector of M;
5) according to given precision ρ, by numerical computation method, front M eigenvalue of maximum is solved:
Wherein, the span of M is
6) front M eigenvalue of maximum and characteristic of correspondence vector, order are taken
Φ=[δ1,δ2,…,δM], Γ=diag (μ1,μ2,…,μM)
Then there is A Φ=Φ Γ;
7) the new matrix Y=Φ of low-dimensional vector composition is calculatedTX;
(2) data identification unit 22, for the original information data after reducing dimension is identified detection, remove not phase
The information data closed, obtains relevant information data;
(3) data sorting unit 23, for classifying according to data type to relevant information data.
Wherein, described data identification unit 22 includes being identified distributed denial of service attack data, particularly as follows:
1) the K bar original information data matrix after dimensionality reduction is set as Y '=ΦTX ', wherein X '=[x1,x2,…,xK], xj∈
X ', selection Db3 small echo is as analysis wavelet, and selects maximum decomposition scale, uses decomposition algorithm to carry out wavelet decomposition Y ' and obtains
To matrix of wavelet coefficients, when j≤out to out, from matrix of wavelet coefficients, extract high frequency coefficient, calculate the variance of little coefficient
After Ψ, and according to [j, log2Ψ] fitting a straight line tries to achieve slope k, thus solves the self similar parameter Hurst value of network traffics
H:
H=(k-1)/2
2) the Hurst changing value Δ H=H the most in the same time tried to achieve by analysist-Ht-1, set threshold T, if Δ H >
T, it is determined that distributed denial of service attack occurs, preserves corresponding original information data;If Δ H≤T, it is determined that distributed refusal takes
Business is attacked and is not sent, and removes corresponding original information data.
Wherein, the transmitting-receiving corresponding relation of described mail is obtained by the TCP closure obtaining mail, first passes through parsing
The network packet obtained, obtains including source IP address, purpose IP address, source port, destination interface, the information of serial number, and
With four-tuple 1: source IP address, source port, purpose IP address, destination interface and four-tuple 2: purpose IP address, destination interface, source
IP address, source port, indicate the both direction that TCP connects respectively, then by the application layer data of network packet according to sequence
In the journal file that number sequentially write is corresponding with TCP closure.
Wherein, described Table content includes mail ID, mail header, mail time, mail originator and Email attachment
Number.
The present embodiment arranges Data Dimensionality Reduction unit 21, data identification unit 22 sum in reliable information pretreatment module 2
According to taxon 23, original information data is carried out dimensionality reduction, identifies and classification process, thus realize depositing different types of data
Storage, in the diverse location of cloud storage resource pool, is beneficial to information analysis based on credible integrity with display module 4 to respective counts
According to extraction, further increase the speed of service of system;Utilize visual technology, be directed in network security detecting system
In the network captured, sensitive information type and transmission situation etc. carry out visual displaying, from five different angles to net
Network safety detection data are analyzed and show, accurate, comprehensive and facilitate management personnel to make corresponding to judge and decision-making, carry
The high credible integrity degree of whole system;The distributed denial of service attack data analysis arranged can be right with displaying submodule 45
Distributed denial of service attack pattern carries out various dimensions and shows, facilitates management personnel to make corresponding judgement and decision-making, improves
The integrity degree of information, improves the credibility of system in terms of another;And carry out time interval according to different demands, figure shows
The adjustment of the unit radius parameter shown, improves the performance that user is mutual;The present embodiment value m=4,The fortune of system
Line speed improves 2%.
The foregoing is only the preferred embodiments of the present invention, be not limited to the present invention, for the skill of this area
For art personnel, the present invention can have various modifications and variations.All within the spirit and principles in the present invention, that is made any repaiies
Change, equivalent, improvement etc., should be included within the scope of the present invention.