Computer Science, 2019, Vol. 46, Issue 5: 116-121. doi: 10.11896/j.issn.1002-137X.2019.05.018


High-performance Association Analysis Method for Network Security Alarm Information

FU Ze-qiang, WANG Xiao-feng, KONG Jun   

1. School of Internet of Things Engineering, Jiangnan University, Wuxi, Jiangsu 214122, China
Received: 2018-05-08; Revised: 2018-07-25; Published: 2019-05-15

Abstract: In a network security defense system, the intrusion detection system produces massive volumes of redundant and erroneous security alerts in real time. It is therefore necessary to mine frequent item patterns from the association rules and sequential patterns of the alert information, distinguish normal behavior patterns, and screen out the real attack information. Compared with Apriori, FP-growth and similar algorithms, the COFI-tree algorithm has a clear performance advantage, but it still cannot meet the need for fast analysis of large-scale network security information. To this end, this paper proposes an improved association analysis algorithm for network security alert information based on the COFI-tree algorithm. It improves the performance of COFI-tree through a node addressing mode based on a reverse linked list and a frequent-item processing method based on a new SD structure. Experimental results on the KDD Cup 99 dataset show that the method essentially preserves accuracy, greatly reduces computing overhead, shortens processing time by more than 21% on average compared with the traditional COFI-tree algorithm, and addresses the low speed of association analysis under massive volumes of network alarm information.

Key words: Association analysis, COFI-tree, Data mining, Frequent item sets, Network security
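The abstract describes the pipeline in outline only: alert records are treated as transactions, an FP-tree is built over them, and frequent itemsets are mined per item in the header table, which is the input a COFI-tree is constructed from. The following is an added worked example, not code from the paper; it implements the standard FP-tree front end and a COFI-style per-item mining pass (least frequent item first, itemsets generated under their least frequent member) and does not reproduce the paper's reverse-linked-list addressing or SD structure. The alert records, attribute names and the support threshold of 3 are constructed for illustration.

```python
from collections import Counter
from itertools import combinations

# Constructed sample alert records (not from the paper or from KDD Cup 99):
# each record is the set of attributes the IDS attached to one alert.
ALERTS = [
    {"sig:portscan", "proto:tcp", "src:10.0.0.5", "dst_port:22"},
    {"sig:portscan", "proto:tcp", "src:10.0.0.5", "dst_port:80"},
    {"sig:ssh_brute", "proto:tcp", "src:10.0.0.5", "dst_port:22"},
    {"sig:ssh_brute", "proto:tcp", "src:10.0.0.9", "dst_port:22"},
    {"sig:dns_anom", "proto:udp", "src:10.0.0.7", "dst_port:53"},
    {"sig:portscan", "proto:tcp", "src:10.0.0.5", "dst_port:443"},
    {"sig:ssh_brute", "proto:tcp", "src:10.0.0.5", "dst_port:22"},
    {"sig:dns_anom", "proto:udp", "src:10.0.0.7", "dst_port:53"},
]


class Node:
    """One FP-tree node; `link` chains nodes holding the same item (header table)."""
    __slots__ = ("item", "count", "parent", "children", "link")

    def __init__(self, item, parent):
        self.item = item
        self.count = 0
        self.parent = parent
        self.children = {}
        self.link = None


def build_fp_tree(transactions, min_support):
    """One pass for item supports, one pass to insert each record as a sorted prefix path."""
    support = Counter(item for t in transactions for item in t)
    frequent = {i: c for i, c in support.items() if c >= min_support}
    # Global order: descending support, name as tie-break, so records sharing
    # their most frequent items also share tree prefixes.
    order = sorted(frequent, key=lambda i: (-frequent[i], i))
    rank = {item: r for r, item in enumerate(order)}
    root = Node(None, None)
    header = {item: None for item in order}  # item -> newest node holding it
    for t in transactions:
        node = root
        for item in sorted((i for i in t if i in frequent), key=rank.get):
            child = node.children.get(item)
            if child is None:
                child = Node(item, node)
                node.children[item] = child
                child.link = header[item]  # prepend to the item's node chain
                header[item] = child
            child.count += 1
            node = child
    return header, frequent, order


def conditional_paths(header, item):
    """Yield (ancestor items, count) for every tree node holding `item`."""
    node = header[item]
    while node is not None:
        prefix, p = [], node.parent
        while p.item is not None:
            prefix.append(p.item)
            p = p.parent
        yield prefix, node.count
        node = node.link


def mine_frequent_itemsets(transactions, min_support):
    """Return {frozenset(items): support} for every itemset meeting min_support."""
    header, frequent, order = build_fp_tree(transactions, min_support)
    result = {frozenset([i]): c for i, c in frequent.items()}
    # Walk items from least to most frequent, as COFI-tree and FP-growth do. An
    # itemset is only ever generated under its least frequent member, because
    # every ancestor in a path ranks higher, so no pattern is counted twice.
    for item in reversed(order):
        counts = Counter()
        for prefix, cnt in conditional_paths(header, item):
            for k in range(1, len(prefix) + 1):
                for sub in combinations(prefix, k):
                    counts[frozenset(sub) | {item}] += cnt
        result.update((p, c) for p, c in counts.items() if c >= min_support)
    return result


def uncovered_alerts(transactions, patterns):
    """Alerts matching no frequent pattern of two or more items: the rare ones to triage first."""
    multi = [p for p in patterns if len(p) >= 2]
    return [t for t in transactions if not any(p <= t for p in multi)]


if __name__ == "__main__":
    patterns = mine_frequent_itemsets(ALERTS, min_support=3)
    for p, c in sorted(patterns.items(), key=lambda kv: (-kv[1], sorted(kv[0]))):
        print(c, sorted(p))
    print("uncovered:", uncovered_alerts(ALERTS, patterns))
```

On the constructed records the mining yields 15 frequent itemsets (five single items, seven pairs, three triples); the two dns_anom alerts match none of the multi-item patterns and are the ones an analyst would look at first, while the repeated portscan and ssh_brute alerts from src:10.0.0.5 collapse into a handful of patterns. Two caveats: enumerating every subset of a conditional path is exponential in path length, which is exactly the cost a real COFI-tree avoids with its local tree and participation counts, so this is a teaching version, not the engine the paper benchmarks; and whether a frequent pattern is "normal background" or a sustained attack is a judgement the analyst makes from the pattern, the mining only groups the alerts.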

CLC Number: TP309