
Research Of Network Security Audit Based On Data Mining

Posted on: 2009-05-31
Degree: Master
Type: Thesis
Country: China
Candidate: C R Gao
GTID: 2178360242477855
Subject: Communication and Information System
Abstract/Summary:
As network attacks have become increasingly serious, the importance of network security audit has become more and more evident. Decision tree classification is an efficient data-mining-based method for analyzing audit data; however, when dealing with large-scale security audit data it encounters the following problems: multiplying growth in the amount of computation, the impact of redundant and interfering attributes, complex rules, and a high degree of overfitting. To solve these problems, this thesis studies the following key technologies in the security audit process: feature selection, discretization of continuous attributes, the splitting attribute selection standard, and decision tree pruning.

Firstly, this thesis studies feature selection methods. Based on an analysis of existing feature selection methods, a feature selection algorithm based on feature similarity is used to reduce the dimensionality of the audit data and increase the audit rate.

Secondly, in accordance with the characteristics of the decision tree classification method, continuous attribute values in the audit data are transformed into discrete ones. After studying existing discretization methods, an improved discretization method that is easy to compute for audit data is proposed.

Thirdly, the preprocessed audit data are analyzed with the decision tree classification method. Selection standards for the splitting attribute based on information entropy are studied. Building on the NG standard, which gives a relatively better classification effect, an improved method is proposed. A comparison of experimental results shows that the improved method raises classification speed and accuracy. Decision tree pruning methods are then studied, and MDL is applied to prune the trees generated from large-scale data sets.

Finally, audit data are analyzed using the above-mentioned methods. Test results show that, compared with traditional similar methods, optimizing the main procedures of the decision tree classification method for processing audit data improves the speed and accuracy of network security audit to a certain extent.
Keywords/Search Tags: feature selection, discretization of continuous attribute, splitting attribute selection, decision tree classification, security audit