
Research And Implementation Of Security Event Correlation Algorithm Based On Fuzzy Set

Posted on: 2011-06-29
Degree: Master
Type: Thesis
Country: China
Candidate: J J Zhu
Full Text: PDF
GTID: 2178360308952578
Subject: Communication and Information System
Abstract/Summary:

With the development of network technology and the popularity of the Internet, the problem of computer network security has become more and more serious. Diverse attack methods and application environments make the network more vulnerable and the threats it faces more severe. Facing different security events in complex networks, network security devices such as firewalls and intrusion detection systems generate huge numbers of alerts at every moment. How to find valuable information and potential attack threats in these alerts has become an important problem.

In this paper, fuzzy set theory is introduced to deal with the huge quantity of different alerts. We divide the counts of different alerts within a period of time into fuzzy sets and find potential attacks through fuzzy association rule mining, a data mining technique.

Firstly, we introduce the background of data mining and the basics of association rules. We then analyze the classic Apriori algorithm and its performance shortcomings.

Secondly, we analyze the limitation that traditional association rules can only be used with Boolean data. To handle quantitative data, we introduce fuzzy set theory and the fuzzy association rules used in quantitative association rule mining.

Thirdly, we put forward a fuzzy association rule mining algorithm based on a fuzzy matrix, which improves on the performance of the traditional algorithm.

Lastly, the paper mainly studies the application of the fuzzy association rule mining algorithm to security event correlation. Based on how alerts are generated, we further improve the algorithm by adding a time-window property, and find the attack steps by mining the longest time-sequenced fuzzy frequent itemsets of alerts. The scheme proposed in this paper proved effective in an experiment using the standard data set DARPA 2000 DDOS 1.0 from MIT's Lincoln Laboratory.
Keywords/Search Tags:data mining, association rule, fuzzy set, security event