Research on audit log association rule mining based on improved Apriori algorithm

摘要

Aimed at solving the problem of low-level intelligence and low utilization of audit logs of the security audit system, a secure audit system based on association rule mining is proposed in this paper. The system is able to take full advantage of the existing audit logs, establish the behavior pattern database of users and the system with data mining technique, and discover abnormal situation in a timely manner, which improves the security of computer system. We propose an improved E-Apriori algorithm which narrows the scanning range of the transactions, lowers the time complexity, and refines the operating efficiency. Experiment results on the Weka platform indicate that our proposed E-Apriori algorithm clearly outperforms the traditional Apriori algorithm, especially in the large sparse datasets.