Research On Security Threat Awareness Methods Based On Association Rules

Posted on: 2018-03-14
Degree: Master
Type: Thesis
Country: China
Candidate: X X Wu
Full Text: PDF
GTID: 2358330512978775
Subject: Software engineering
Abstract/Summary:
With the rapid development of the Internet, network security (i.e., cyber security) has become a serious problem. Traditional cyber security technologies are mainly based on passive, defense-oriented strategies, such as firewalls, intrusion detection systems and anti-virus software. On the one hand, as network technology develops, network threats are also evolving. On the other hand, data mining techniques establish the theoretical foundation for large-scale security log analysis. In the network security field, applying data mining techniques to security threat perception is meaningful. This paper studies security threat perception using the association rule method of data mining. This method, which makes threat perception an active rather than a passive strategy, has great application prospects. First, we survey network security threat perception and association rules in the data mining field, and analyze the principles, characteristics and usage of each in network security threat perception. Then, the paper proposes a framework for network security perception based on association rules, and organizes different data transformation methods for different association rules. After that, the paper proposes a new association rule mining algorithm based on transaction vectors. Through tree-like candidate generation, the algorithm accelerates the join step, and it uses candidate optimization to reduce the number of join operations, thereby improving mining efficiency. The paper also discusses the application of sequential episode patterns in network security threat perception. In the context of network threats, we propose the idea of directly mining longer episodes and present a theoretical analysis. Furthermore, the paper proposes a new algorithm that mines sequential episode patterns based on dynamic programming. This algorithm can mine longer threat episodes in security events. Experimental results show that our method is efficient and simple, and is very suitable for security threat analysis. The experiments also show that the new algorithm is faster than the automaton-based WINEPI algorithm, and that the rules extracted from logs are more concise. Finally, the paper summarizes the work and outlines future work.
Keywords/Search Tags: association rule, network security, threat perception, sequential, episode