SEMMA-Based visual exploration of cyber security event

Bibliographic Details
Published in Zhejiang da xue xue bao. Journal of Zhejiang University. Sciences edition. Li xue ban Vol. 49; no. 2; pp. 131-140
Main Authors Zhong, Ying, Wang, Song, Wu, Hao, Cheng, Zepeng, Li, Xuejun
Format Journal Article
Language Chinese
Published Hangzhou Zhejiang University 01.03.2022
Zhejiang University Press
ISSN 1008-9497
DOI 10.3785/j.issn.1008-9497.2022.02.001

Summary: Nowadays, the features of cyber-security can be extracted intuitively and the cyber-security situation can be perceived in all aspects through cyber-security visualization. However, macro control of the overall cyber-security analysis process is still a research challenge. In this paper, a general cyber-security event analysis model is proposed that combines cyber-security visualization with the classic SEMMA (sample-explore-modify-model-assess) analytic model from data mining (DM). To standardize the security event exploration and analysis process, the model divides it into several specific steps: data processing, behavioral feature exploration, anomalous object localization, anomalous event description and behavioral pattern association analysis. The analysis model draws on Fuzzy C-Means to quantify host behavior and identify network asset structures during feature exploration. PBNLD (protocol-based node link diagram), a new visual presentation, is presented to construct