As networks become more widespread, network security attracts more and more attention. Compared with intrusions from outside the network, abnormal operations by insiders pose a greater threat to system security. Audit log analysis can discover the abnormal operations of internal users through data mining and pattern matching techniques, so that security policies can be adjusted to protect the system. Driven by the current tide of informatization, audit log analysis techniques are changing rapidly. In this paper, we first propose an improved method, the NEFP algorithm, based on the FP-growth algorithm, which does not generate the conditional FP-tree, and we design an incremental updating algorithm for association rules. Secondly, we propose a transformation technique for the user behavior pattern base, aimed at the large volume of logs in military information networks, and design a pattern matching algorithm based on frequency priority. Finally, we test the algorithms and techniques on the LAN resource control system, mining and analyzing the logs of that system. The results show the efficiency and accuracy of the techniques.