What exactly is big data visualization design and how to use it?

Big data visualization is a hot topic. In the field of information security, many companies hope to transform big data into various forms of information visualization in order to gain deeper insights, better decision-making and Stronger automated processing capabilities and data visualization have become an important trend in network security technology.

Article Table of Contents

1. What is Network Security Visualization

1.1 Story + Data + Design = Visualization

1.2 Visual Design Process< /p>

2. Case 1: Large-Scale Vulnerability Awareness Visual Design

2.1 Overall Project Analysis

2.2 Analysis Data

2.3 Matching Graphics

p>

2.4 Determine the style

2.5 Optimize graphics

2.6 Check and test

3. Case 2: Visual design of insect diagram in white environment

3.1 Overall project analysis

3.2 Analyzing data

3.3 Matching graphics

3.4 Optimizing graphics

3.5 Inspection testing

1. What is network security visualization

Where do attacks start? What is the purpose? Which places are attacked most frequently... Through big data network security visualization diagrams, we can answer these questions in a few seconds. This is the efficiency that visualization brings us. The visualization of big data network security not only makes it easier for us to perceive network data information and quickly identify risks, it can also classify events and even predict attack trends. But what to do?

1.1 Story + Data + Design = Visualization

Before doing visualization, it is best to start with a question, why do you want to do visualization, and what do you hope to learn from it? Looking for cyclical patterns? Or the relationship between multiple variables? Outlier? Spatial relationship? For example, government agencies want to know the distribution of vulnerabilities in various industries across the country, as well as which industry and which region has the largest number of vulnerabilities; another example is an enterprise, which wants to know the internal access status, whether there is any malicious behavior, or what the status of the company's assets is. In summary, figure out what your purpose is for visual design, what kind of story you want to tell, and who you want to tell it to.

With stories, you also need to find data and have the ability to process the data. Figure 1 is a visual reference model, which reflects a series of data conversion processes:

< p> We have raw data, and we organize them into data tables by standardizing and structuring the raw data.

Convert these numerical values ??into visual structures (including shape, position, size, value, direction, color, texture, etc.) and express it visually. For example, the risks of medium, medium and low are converted into colors such as red, yellow and blue, and the numerical values ??are converted into sizes.

Combine the visual structure, convert it into graphics and pass it to the user. The user performs reverse conversion through human-computer interaction to better understand the problems and patterns behind the data.

Finally, we have to choose some good visualization methods. For example, if you want to understand relationships, it is recommended to choose a network diagram, or use distance. Close relationships are close, and long relationships are far away.

In short, having a good story, a large amount of data to process, and some design methods constitute visualization.

1.2 Visual design process

A good process can allow us to get twice the result with half the effort. The visual design process mainly includes analyzing data, matching graphics, optimizing graphics, and checking and testing. First, we analyze what data we want to display based on understanding the needs, including metadata, data dimensions, viewing perspectives, etc.; second, we use visualization tools to quickly make various charts based on some solidified chart types; and then optimize Details; final inspection test.

Specifically, we will analyze it through two cases.

2. Case 1: Large-Scale Vulnerability Awareness Visual Design

Figure 2 shows the distribution and trend of vulnerabilities in various industries across the country. Orange, yellow and blue represent the high, medium and low number of vulnerabilities respectively. .

2.1 Overall project analysis

When we get the project plan, we should neither be confused by a large amount of information and feel at a loss, nor should we rush to complete the project without thinking. Design blindly. First, let us carefully understand customer needs and refine the keywords for the overall content. The core of visualization lies in the refining of content. The more accurately the content is refined, the more compact the designed graphic structure will be, and the higher the efficiency of communication. On the contrary, the graphic structure will be bloated and scattered, and key information cannot be conveyed to readers efficiently.

For large-scale vulnerability awareness visualization projects, the client’s main requirement is to view the distribution and trends of vulnerabilities across the country and in various industries. We can summarize it into three keywords: vulnerability volume, vulnerability change, and vulnerability level. These three keywords are the core points of our data visualization design. The overall graphic structure will be laid out around these three core points.

2.2 Analyze data

If you want to clearly display the data, you must first understand the data to be drawn, such as metadata, dimensions, relationships between metadata, data scale, etc. According to the requirements, the metadata we need to display is vulnerability events. The dimensions include geographical location, number of vulnerabilities, time, vulnerability category and level. The viewing perspective is mainly macro and correlation. The visual elements involved include shape, color, size, position, and direction, as shown in Figure 4.

2.3 Match graphics

2.4 Determine style

While matching graphics, you should also consider the platform for display. Since customers view the product on a large screen, we analyzed the characteristics of the large screen, such as huge area, dark background, inoperability, etc. Based on the characteristics of the large screen, we brainstormed the design style: it is real-time and has a sense of tension; it requires novel icons and animations, and has a sense of technology; the information level is rich; and the data displayed is authoritative.

Finally, based on the design style, dark blue was further determined as the standard color, which represents technology and innovation; orange, red, and blue represent the high, medium and low number of vulnerabilities respectively, and are auxiliary colors; the overall visual style is consistent with the current mainstream flatness.

2.5 Optimizing graphics

After having the graphics, try to draw the data into each dimension according to attributes, and continue to adjust until it is reasonable. Although what is said here is very simple, this is the most time-consuming and labor-intensive stage. When there are too many dimensions, it is necessary to consider whether the information architecture is broad and shallow or narrow and deep, and then add interactive navigation to make the graphics more "visible".

In this task, the graphics have been modified many times. Figure 7 is our design process draft. The map with deep background, highlights, and multi-color attack animation special effects create a sense of tension; red is used in the map. , yellow, and blue to show the distribution of the number of high, medium, and low-risk vulnerabilities; psychology believes that the top and left sides are easy to pay attention to, and the visual presentation of the "Z" shape is "from top to bottom" and "from left to right". Be concise, clear and focused.

After completing the first draft, we further optimized the dimensions, animation and quantity. Dimension: each dimension uses only one expression, which is clear and easy to understand; animation: considering the control of time and emotion, it is changed from the original 1.5ms to 3.5ms; quantity: considering the user's feeling when it is too dense or too sparse , the radius of the circle is processed to a uniform size.

2.6 Inspection and Testing

Finally, you need to check and test whether it meets the needs from beginning to end; whether it is easy for users to read after putting it on the big screen; whether the animation effect can meet expectations, and whether the color difference Is it acceptable? Finally, we use one sentence to describe the large screen and whether the user can understand it.

3. Case 2: Visual Design of White Environment Bug Diagram

If you only have a simple spreadsheet (left), you need to find the access mode of IP, application and port. It will take a lot of time, but after using the insect diagram (right) to present it, although a lot of data has been added, the reader's understanding has actually improved.

3.1 Overall project analysis

Currently, the internal IT systems of enterprises are complex and changeable, and there are some illegal and malicious behaviors that cannot be precisely controlled. How to accurately handle security management issues? Our main goal is to help users monitor abnormal traffic accessing the intranet core server, which can be summarized into two keywords: intranet assets and access relationships. The overall graphic structure will be laid out around these two core points.

3.2 Analyze data

Next, analyze the data. The metadata in the case is events. The dimensions include time, source IP, destination IP and application. The viewing perspectives are mainly correlation and micro. .

3.3 Matching graphs

According to past experience, chord graphs and force-directed layout graphs are generally used for data with relationships. Initially we used a chord diagram, with the host inside the dot, and users had to find the correlation of events through three dimensions. Through testing, we found that it was difficult for users to understand, so we chose a force-directed layout diagram (worm diagram). The first level shows the global relationship, and the second level further shows the correlation by drilling on IP or port.

3.4 Optimizing graphics

When optimizing graphics, we adjusted many details: – Considering the user’s experience when it is too dense or too sparse, only the TOP N are displayed. – The optimization of curvature and color matching is consistent with our UI interface style. – Omit processing when the IP name is too long. – In the micro perspective, the source and destination are distinguished by blue and purple respectively. At the same time, arrows are added on the line. The arrow pointing inwards is the source and the arrow pointing outward is the destination, making it easier for users to understand. – In terms of interaction, click to drill down to the information of a single port and IP; relevant information is highlighted when the mouse rolls over, which not only makes the picture more cool, but also makes it easier for people to identify.

3.5 Inspection and Test

Through research, users have a very clear understanding of the internal flow of the enterprise, clear visual guidance, easy drilling of information, and optimization of details such as color and motion effects to help users quickly locate problems and improve the efficiency of security operation and maintenance.

IV. Summary

In short, with the help of the visual design of big data network security, people can more intelligently understand the situation of information and network security, and respond to new and complex situations more proactively and flexibly. threats and unknown and ever-changing risks.

In the process of visual design, we also need to pay attention to: 1. Overall consideration and overall situation; 2. Matching and consistency of details; 3. Full of beauty, symmetry and harmony.