Evaluating visualization approaches to detect abnormal activities in network traffic data
International Journal of Information Security (IF 3.2), Pub Date: 2020-05-22, DOI: 10.1007/s10207-020-00504-9
Soo-Yeon Ji, Bong-Keun Jeong, Dong Hyun Jeong

Designing innovative approaches to detect intrusive network activities is considered one of the most significant research topics in network security. Various computational methods have been proposed to discover unknown attacks, but validating suspicious activities and understanding their unique characteristics are still difficult. To address this limitation, several visualization systems have been designed, which aim to enhance the ability to understand data visually. However, the effectiveness of visualization techniques for network traffic data analysis has not been fully examined. In this paper, we performed an in-depth literature review on visualization techniques for network traffic data analysis. From the review, we identified four key approaches that should be utilized in designing an effective network traffic visualization system: data filtration and transformation, pixel-based visualization, graph representation, and coordinated multi-views. To determine the effectiveness of the four visualization approaches, we developed several prototype visualizations and examined the complexity of implementation, requirement of data preprocessing, understandability of network patterns, and identifiability of abnormal network events.



Updated: 2020-05-22