
Research And Implement The Technology Of Log Audit Based On Data Mining

Posted on: 2011-12-04 | Degree: Master | Type: Thesis
Country: China | Candidate: Q Li | Full Text: PDF
GTID: 2178360305468788 | Subject: Communication and Information System
Abstract/Summary:
The security log audit system based on data mining generates normal user patterns by analyzing the logs of network equipment, discovers abnormal logs by comparing the current logs with the normal user patterns, creates reports that reflect network status, and gives warnings when necessary. The thesis focuses on the potential problems of frequent pattern mining and incremental update in the audit system, and puts forward improved algorithms.

For association rules, the thesis builds on the classic Apriori algorithm and other existing improved algorithms. In combination with the characteristics of logs, it proposes the concept of a main attribute and improves the algorithm by reducing the number of scans and the number of candidate items, which makes it applicable to the log audit system. Taking the daily updating of logs into account, and building on current research on pattern update, the thesis puts forward an improved algorithm that needs fewer scans by making use of the frequent patterns already mined.

Finally, the algorithms described above are applied to the audit system, and relevant tests are presented. Experimental results indicate that the algorithms proposed in the thesis are capable of log auditing and analysis, detection of abnormal user behavior, and generation of visual statistical reports for users to check when necessary.
Keywords/Search Tags: Security Audit, Log Audit, Data Mining, Apriori, Incremental Update
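
As an added illustration (not code from the thesis), the example below uses the classic Apriori algorithm, not the thesis's improved main-attribute or incremental variants, to mine frequent attribute combinations from baseline logs and flag current records that contain no frequent pattern. The log fields, the sample records, the helper `rec`, and the `min_count` and `min_len` thresholds are assumptions constructed for the example.

```python
from itertools import combinations

def to_items(record):
    """A log record (dict) becomes a set of (attribute, value) items."""
    return frozenset(record.items())

def apriori(transactions, min_count):
    """Classic level-wise Apriori; returns {itemset: support count}."""
    def support(c):
        return sum(1 for t in transactions if c <= t)
    singles = {frozenset([i]) for t in transactions for i in t}
    level = {s: support(s) for s in singles if support(s) >= min_count}
    frequent, k = dict(level), 2
    while level:
        prev = set(level)
        # Join: unite frequent (k-1)-itemsets into candidate k-itemsets.
        cands = {a | b for a in prev for b in prev if len(a | b) == k}
        # Prune: every (k-1)-subset of a candidate must be frequent.
        cands = {c for c in cands
                 if all(frozenset(s) in prev for s in combinations(c, k - 1))}
        level = {c: support(c) for c in cands if support(c) >= min_count}
        frequent.update(level)
        k += 1
    return frequent

def audit(records, patterns, min_len=3):
    """Return records containing no frequent pattern of >= min_len items."""
    normal = [p for p in patterns if len(p) >= min_len]
    return [r for r in records if not any(p <= to_items(r) for p in normal)]

def rec(user, src, action, shift):
    return {"user": user, "src": src, "action": action, "shift": shift}

# Constructed sample logs (not from the thesis): baseline, then today's.
BASELINE = ([rec("alice", "10.0.0.5", "login", "day")] * 3
            + [rec("alice", "10.0.0.5", "config_read", "day")] * 2
            + [rec("bob", "10.0.0.9", "login", "night")] * 3)
TODAY = [rec("alice", "10.0.0.5", "login", "day"),
         rec("bob", "10.0.0.9", "login", "night"),
         rec("alice", "203.0.113.7", "config_write", "night"),
         rec("bob", "10.0.0.9", "config_read", "day")]

def run_example():
    patterns = apriori([to_items(r) for r in BASELINE], min_count=2)
    return patterns, audit(TODAY, patterns)

if __name__ == "__main__":
    for r in run_example()[1]:
        print("ABNORMAL:", r)
```

The last record in `TODAY` is flagged even though each of its values is individually frequent in the baseline, because the combination never occurs there.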