Study On Association Rules Algorithm And Application In Network Security Audit System

As one of the important mechanisms implementing network informationsecurity, Security audit has a significant effect on establishing a set ofnetwork security assurance system. However there are some problems intraditional security audit system such as low rate of accuracy, slow speed and poorself-adaptability. In order to solve these problems, there presented network securityaudit system based on data mining in recent years. Data mining is a new developingand advanced intelligent datum analytical method, which are used widely within shorttime. It aims at drawing hidden prediction information from a large number ofdata, digging the potential mode among the data, finding out the informationwhich is often been neglected, and then presents the information to users in aneasy-understanding way.The dissertation firstly studies the current state and development trend in securityaudit field and data mining technology, then puts forwards a solution of networksecurity audit system based on data mining and provides the realization of keytechnology, It focus on the algorithm of association rules and proposes a newalgorithms for mining frequent patterns based on reverse FP-tree.Main achievement of the thesis is as follows: Firstly, Security audit and datamining technology are studied, By finding out the combination between data miningand security audit in technology, the security auditing system based on data mining isset up;Secondly, we focus on the algorithm of association rules and study the Aprioriand FP-Growth algorithm which have been proved to be efficient to mine associationrules. As to the question that these two algorithms exist , an improved algorithm basedon reverse FP-tree is proposed, The new algorithm which mines frequent patterns byfinding the frequent extensions and merging sub-trees in a conversely constructedFP-tree not produces condition FP-tree during mining. The performance of theimproved algorithm is superior to the one of existing algorithm both in time and spaceconsuming;Thirdly, it proposes the solution and system model of network securityaudit based on data mining, in this system the improved algorithm is used and hasrealized the detection of unusual behaviors and attack, this system improves the speedof audit and the rate of accuracy.Both data mining and network security audit system based on datamining are focused on at present, the dissertation proposes a proved algorithmand its application in security audit system based on data mining, It provesthrough practice that the improved algorithm is superior to FP-Growth both intime and space consuming and has a good scalability.