The Research Of Traffic Identification Based On The Association Rule Mining

With the further development of the Internet, network and continuous improvement in the speed and scale of the expansion, as well as increasing user demand, many new types of network applications has appeared. These new applications showing the structure of complex, ever-changing features, and it has more complex network traffic and patterns compared with traditional technology. These new features brought many new problems and difficulties to the network administrators in identifying and controlling the traffic on the Internet. At present, most of the traffic identification technologies mainly use feature matching to identify network traffic, the advantages of this method are fast, high rate of recognition accuracy, but the disadvantage is that it can't recognize the unknown network traffic, and this method mainly use the way of manually search for application layer signature to update the characteristics of the Treasury, so the compiling efficiency is very low, it is difficult to deal with the endless stream of new network application model. The association rules mining technology will be good at extracting useful rules from a lot of data. Obviously, it is a good way to use the association rules mining technology to help security experts in extracting the characteristics of the application layer. Based on this program, This paper presents a method, which uses of association rules mining technology extracting the application layer signatures from IP traffic to research and design traffic identification system.This paper first analyzes the significance of identifying network traffic, summarizes the Research situation of traffic identification technology at home and abroad and analyzes the advantages and disadvantages of the traffic identification technology. And then studies the functions and features of the data mining technology, and shows several types of data mining method, and then set out how to use Apriori algorithm (which is mainly used for mining association rules) to extracting the signature applications, in this issue it is mainly to use Apriori's mining frequent item sets method to extracting candidate signatures. Finally, this paper gives out in detail the design and the implementation procedure of the traffic identification system, and gives the experimental results, which show that this method has high rate of accuracy and efficiency, it meets the actual needs of network applications.