The Technologies Of Association Rule Learning And Feedback And The Study On Their Applications Of Network Security Audit System

With the rapid development of computer technology, microelectronics, communication technology and other kinds of sciences and technologies, especially the development of the Internet with its large amounts of information resources and rapid convenient efficient way to deliver information, the network has been an important tool in people's study and day-to-day life, but computer viruses, hackers, and any other uncertain dangerous problems have been threatening the security of the information on the network, testing people's wisdom to deal with the network danger and protecting the network security at the same time.The network security audit plays an important role in the process of network security management, and it is also a function that the network environment security must support. At present the network security audit systems for network data used widely at home and abroad are based on the expert feature detection methods. Its merit is that it can make accurate identification and judgment to the already known dangerous behavior patterns, and the defects are low detection efficiency and low automatic adaptation capability of the security audit of unknown behaviors and so on. Learning of association rules is a new method to discover new knowledge and has been a significant aspect of the study on network security audit.This thesis makes a further study on the status quo, the present problems, and developing trends in network security audits at home and abroad at the beginning, describes related conceptions and measure methods, studies the Apriori algorithm, FP-Growth algorithm and some improved algorithm ideas related in association rule learning, especially focuses on the Apriori algorithm. It casts about for frequent item sets in database D using the method of iterative search layer by layer. This algorithm is easy to understand and make it carry out. But it has two vital defects, one is that it needs N times to scan database D during the whole process, and the other one is that it produces lots of candidate frequent item sets.For the defects of Apriori, this thesis puts forward an improved matrix-based association rule learning algorithm, with the characteristics that it only needs one time to scan database during the whole learning process and does not produce any frequent item sets. The improved algorithm scans database D one time, switching the relationship of affair Tm and data item Ik to the structural relationship of Matrix (i*j), using Boolean data 1 and 0 to present whether data item Ik is included in affair Tm.. The core idea of the improved algorithm is to make logic and operation of the row vectors(Ik&Ii)in Boolean matrix, taking count of the result by 1 and comparing minimum support degree to achieve the corresponding frequent item sets. The improved algorithm makes some corresponding pruning operation on the result of logic and operation, taking frequent 1– item set as the prerequisite to mine and learn frequent k item set and then creates available association rules according to related measure methods. Then, for the improved association rule learning algorithm and the classical Apriori algorithm, this thesis makes simulation experiments. The results show that the improved algorithm can efficiently cut down the complexity of the time and space of the association rules learning.Finally, basing on the core idea of improved association rule learning algorithms, this thesis designs and achieves simple models of network security audit. The experiments show that the improved learning algorithm of association rules in network security audits have better performance of automatic adaptive capacity, achieving the expected effect.