
Research And Implementation Of The Adaptive Network Security Audit System Based On Data Mining

Posted on: 2012-03-20
Degree: Master
Type: Thesis
Country: China
Candidate: H Y Guo
GTID: 2178330332989822
Subject: Computer software and theory

Abstract/Summary:
The rapid development of computer and network technology has brought countless benefits, and people are increasingly dependent on information networks. However, sensitive information, and even some state secrets, inevitably attract a variety of attacks from all over the world, such as computer viruses, data tampering, deletion and insertion of data, and information leakage and theft. In view of these security threats, which emerge one after another, network security audit is urgently needed to monitor and manage these problems effectively. Current network security audit systems rely on expert pre-definition and mathematical statistics methods, but both approaches suffer from omissions and false reports and cannot detect new abnormal behavior. As network traffic grows dramatically and network structures become more complex, choosing a technology that can analyze audit data comprehensively, accurately and at high speed has become a research focus. To address these problems, this paper presents an adaptive network security audit technique based on data mining. The main work is as follows:

(1) First, this paper describes in detail the status and development trends of domestic and international network security audit, then studies the application of several data mining methods to network security audit, and finally selects association rule mining for network security audit. To address the drawbacks of a single minimum support, it further studies the classical association rule mining algorithm (Apriori), the multiple minimum supports algorithm (MS-Apriori), the association rule mining algorithm with multiple minimum supports using maximum constraints (MSC-Apriori), and a frequent itemset mining algorithm based on a directed graph. By comparing the advantages and disadvantages of these algorithms, it points out the direction for improving association rule mining in the specific application of network security audit.

(2) To address the disadvantages of the Apriori algorithm, which uses a single support and needs to scan the transaction database N times, this paper proposes an optimized association rule mining algorithm with multiple minimum supports using maximum constraints, based on a directed graph. The optimized algorithm combines the multiple minimum supports algorithm MSC-Apriori with the directed-graph-based frequent itemset mining algorithm. It adopts three pruning strategies and depth-first traversal to generate frequent itemsets, and needs to scan the database only once. It can efficiently find frequent itemsets of common meaning and can further find valuable rare data sets, thereby improving the association rule discovery algorithm. Under the same experimental conditions, the optimized algorithm takes less time than MSC-Apriori on different data sets, so its efficiency is higher than that of MSC-Apriori. Compared with Apriori, the optimized algorithm has higher efficiency in rules and, moreover, can discover valuable rare data.

(3) Based on the core idea of the improved association rule mining algorithm, this paper designs and implements the adaptive network security audit system. Its adaptive ability shows mainly in two aspects: it can detect unknown abnormal behavior, and it can operate quickly and stably on massive data. Experimental analysis shows that the system has obvious advantages over general audit methods in both aspects and has achieved good results.
Keywords/Search Tags: Directed Graph, Association Rules, Data Mining, Network Security Audit