检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
名 称:
注 释:
机构地区:[1]信息工程大学,郑州450001
出 处:《计算机应用》2016年第7期1847-1851,共5页journal of Computer Applications
基 金:国家自然科学基金资助项目(61072047)~~
摘 要:针对安全审计系统中存在的智能程度低、日志信息没有充分利用的问题,提出一个基于关联规则挖掘的安全审计系统。该系统充分利用已有审计日志,结合数据挖掘技术,建立用户及系统的行为模式数据库,做到及时发现异常情况,提高了计算机的安全性。在传统Apriori算法的基础上提出一种改进的E-Apriori算法,该算法可以缩小待扫描事务集合的范围,降低算法的时间复杂度,提高运行效率。实验结果表明基于关联规则挖掘的审计系统对攻击类型的识别能力提升在10%以上,改进的E-Apriori算法相比经典Apriori算法和FP-GROWTH算法在性能上得到了提高,特别是在大型稀疏数据集中最高达到51%。Aiming at the problem of low-level intelligence and low utilization of audit logs of the security audit system, a secure audit system based on association rule mining was proposed. The proposed system was able to take full advantage of the existing audit logs and establish the behavior pattern database of users and the system with data mining technique. The abnormal situation was discovered in a timely manner and the security of computer system was improved. An improved EApriori algorithm was proposed which could narrow the scanning range of the set of transactions, lower the time complexity,and refine the operating efficiency. The experimental results indicate that the lift of recognition capability to identify the type of attack can reach 10% in the secure audit system based on association rule mining, the proposed E-Apriori algorithm clearly outperforms the traditional Apriori algorithm and FP-GROWTH algorithm, and the maximum increase can reach 51%especially in the large sparse datasets.
关 键 词:安全审计系统 审计日志 数据挖掘 关联规则挖掘 APRIORI算法
分 类 号:TP391.4[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.195