
The Research And Implementation Of A Log Audit System Based On Data Mining

Posted on: 2010-01-25
Degree: Master
Type: Thesis
Country: China
Candidate: Z C Wang
GTID: 2178360278462181
Subject: Computer technology

Abstract/Summary:
As one of the important mechanisms for implementing network information security, log audit plays a significant role in establishing a network security assurance system. However, traditional log audit systems suffer from problems such as low accuracy, slow speed and poor self-adaptability. To solve these problems, network log audit systems based on data mining have been proposed in recent years. Data mining is a newly developing, advanced intelligent data analysis method that has come into wide use within a short time. It aims to extract hidden predictive information from large amounts of data, dig out the potential patterns among the data, find information that is often neglected, and then present that information to users in an easily understood way.

The main achievements of the thesis are as follows:

Firstly, network management, security audit and data mining technology were studied. By identifying where data mining and network management log audit technologies combine, a log auditing system based on data mining was set up.

Secondly, we focused on association rule algorithms and studied the Apriori and FP-Growth algorithms, which have been proved to be efficient for mining association rules. To address the problems that exist in these two algorithms, we built some new algorithms, such as FP binary tree, FP sorting tree and an improved algorithm based on storing, searching and traversing. Analysis of the algorithms and of the system results showed that the performance of these new algorithms was superior to that of the existing algorithms in both time and space consumption.

Thirdly, we studied and analyzed the log formats of common network equipment. We also put forward a definition of standard events. All collected log events should be transformed into standard events through data preprocessing. In addition, the log events should be graded and reinforced to facilitate data mining and report creation.

Fourthly, we put forward a formalized definition of network fault management based on Petri net theory. It is a new solution for improving the efficiency of fault management and the standardization of the process.

Fifthly, we proposed the solution and system model of network log audit based on data mining. In this system, many data mining technologies and theories were used, and the speed and accuracy of audit were improved.

At present, both data mining and network log audit systems have become a focus of attention. The dissertation proposed some new algorithms and their application in a log audit system based on data mining. It was proved that the improved algorithm is superior to FP-Growth in both time and space consumption and has good scalability.
Keywords/Search Tags:Log Audit, Network Management, Data Mining, Association Rules, FP binary sorting tree