The Research On IDS Based On Mining Max Frequent Itemset Using Big Step Pruning Strategy

Frequent itemset mining plays a crucial role in many data mining applications. It occurs in the discovery of association rules, strong rules, correlations, multidimensional patterns, and many other important discovery tasks. Frequent itemset mining dominates the time complexity of the discovery algorithms. It has been observed that it suffices to mine only the set of maximal frequent itemsets instead of every frequent itemsets. This dissertation work focuses on maximal frequent itemset mining and its application. Several aspects were probed into as follows.Firstly, Based on the in-depth analysis, a novel and powerful pruning strategy, called big-step backtrack strategy, is presented in this dissertation. Compared with all the previous pruning strategies, which backtrack step by step, the big-step backtrack strategy can backtrack best up to k levels when a k-length maximal frequent itemset has been found.Secondly, A novel algorithm for mining maximal frequent itemsets, called DoMax (Doing Maximal), is presented in this dissertation. DoMax employs a vertical database layout scheme. Along with depth first search strategy, it uses a number of optimization techniques to prune root pruning, frequent extending space efficiently.Finally, Based on maximal frequent itemset mining, an intrusion detection system model, called MMFIID (Mining Maximal Frequent Itemset for Intrusion Detection) is presented. In this dissertation, a novel algorithm for mining interesting maximal itemsets, called DoMax_for_IDS, is proposed. MMFIID works in two stages. In the first stage, it builds up the system and the user's normal profile from attack-free training data and attack models from training data with attack activities and normal activities by mining maximal frequent itemsets hidden in the training data sets. In the second stage, itemploys a sliding window to check each link record in the the maximal frequent itemsets in the sliding window to see if any attack is taking place. The experimental results show that MMFIID is efficient and accurate for the attacks that occur intensively in a short period of time.