Mining Association Rules for Constructing Network Intrusion Detection Model

摘要

Association rules are one of the most researched areas of data mining and have recently received much attention from the database community. In this paper, associations of the form A→B can be interpreted as "if an object has the set A of attributes then it will often/always have those of B as well". In this paper, concentration will be on those methods that depend on the Apriori algorithm, to find such associations in the data that satisfy the user specified minimum support and minimum confidence constraints. To find rules that involve both frequent and rare items, mininmum support has to be set very low. This may cause combinatorial explosion, because those frequent items will be associated with one another in all possible ways. In order to solve this problem, a novel technique MS-Apriori that allows the user to specify multiple minimum supports to reflect the nature of the items and their frequencies in the database are proposed. Finally, to find the detection of associations of mistakes, several interesting measures such as Chi -Square, R -Interestingness Measures, lift, correlation, conviction rate, and cosine were investigated. Since for the test purposes no standard datasets such as KDD Cup was used, it is hard to evaluate and compare their results. However, in this proposed rule based approach, Experimental results on a KDD cup '99 dataset are provided to show the effectiveness of the proposed model for detecting network intrusion.