Computer Science ›› 2019, Vol. 46 ›› Issue (5): 116-121.doi: 10.11896/j.issn.1002-137X.2019.05.018


High-performance Association Analysis Method for Network Security Alarm Information

FU Ze-qiang, WANG Xiao-feng, KONG Jun   

School of Internet of Things Engineering, Jiangnan University, Wuxi, Jiangsu 214122, China
Received: 2018-05-08; Revised: 2018-07-25; Published: 2019-05-15

Abstract: In a network security defense system, the intrusion detection system produces massive amounts of redundant and false alarm information in real time. It is therefore necessary to mine frequent item patterns from the association rules and sequential patterns of the alert information, distinguish normal behavior patterns, and screen out the real attack information. Compared with Apriori, FP-growth and other algorithms, the COFI-tree algorithm has a clear performance advantage, but it still cannot meet the need for fast analysis of large-scale network security information. To this end, this paper proposes an improved association analysis algorithm for network security alert information based on the COFI-tree algorithm. The algorithm improves on the performance of COFI-tree through a node addressing mode based on a reverse linked list and a frequent item processing method based on a new SD structure. Experimental results on the KDD Cup 99 dataset show that the method essentially preserves accuracy, greatly reduces computing overhead, shortens processing time by more than 21% on average compared with the traditional COFI algorithm, and solves the problem of slow association analysis under massive network alarm information.

Key words: COFI-tree, Network security, Frequent item sets, Data mining, Association analysis

CLC Number: TP309
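Added example (not code from the paper): FP-tree construction with per-item node link chains and FP-growth mining over conditional pattern bases, applied to constructed alert records reduced to attribute items. This is the standard baseline the abstract compares against, not the paper's reverse-linked-list and SD-structure variant, whose details the abstract does not give; the `mine` function returns every frequent alert pattern with its support.

```python
from collections import Counter

# Constructed sample (not the paper's data): each IDS alert reduced to a set of attribute items.
ALERTS = [
    {"sig:portscan", "proto:tcp", "dport:22"},
    {"sig:portscan", "sig:ssh_brute", "proto:tcp", "dport:22"},
    {"sig:ssh_brute", "proto:tcp", "dport:22"},
    {"sig:dns_anomaly", "proto:udp", "dport:53"},
    {"sig:portscan", "sig:ssh_brute", "proto:tcp", "dport:22"},
]

class Node:
    def __init__(self, item, parent):
        self.item, self.count, self.parent = item, 0, parent
        self.children, self.link = {}, None  # link: next tree node holding the same item

def build_fptree(transactions, minsup):
    """Build an FP-tree; returns header[item] = first node of that item's link chain."""
    freq = {k: v for k, v in Counter(i for t in transactions for i in t).items() if v >= minsup}
    root, header, tails = Node(None, None), {}, {}
    for t in transactions:
        node = root
        # descending global support (ties by name) so shared prefixes merge into one path
        for it in sorted((i for i in t if i in freq), key=lambda i: (-freq[i], i)):
            if it not in node.children:
                child = node.children[it] = Node(it, node)
                if it in tails:
                    tails[it].link = child  # extend this item's link chain
                header.setdefault(it, child)
                tails[it] = child
            node = node.children[it]
            node.count += 1
    return header

def mine(transactions, minsup, suffix=frozenset()):
    result = {}  # {frozenset(items): support}, FP-growth over conditional pattern bases
    for item, node in build_fptree(transactions, minsup).items():
        support, cond_base = 0, []
        while node is not None:  # follow the link chain through every occurrence of item
            path, p = [], node.parent
            while p.item is not None:
                path.append(p.item)
                p = p.parent
            cond_base += [set(path)] * node.count  # prefix path, weighted by node count
            support += node.count
            node = node.link
        pattern = suffix | {item}
        result[pattern] = support
        result.update(mine(cond_base, minsup, pattern))  # recurse on the conditional base
    return result
```

With `mine(ALERTS, 2)`, the single-occurrence DNS items are pruned at tree construction and the four-item pattern portscan/ssh_brute/tcp/22 is returned with support 2.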