基于改进Apriori算法的网络入侵数据挖掘仿真

Network Intrusion Data Mining Simulation Based on Improved Apriori Algorithm

当前的网络入侵数据挖掘方法大多应用Apriori算法,但是传统Apriori算法存在数据负载大、冗余性高、效率低的问题。为降低数据规模对入侵数据挖掘效率的影响,提出新的基于改进Apriori算法的网络入侵数据挖掘方法。通过可拓理论改进Apriori算法,建立MEOM函数,计算入侵行为与正常行为之间的阈值距离,并与标准设定阈值相比较,挖掘网络入侵数据。基于此,改进分类规则生成算法,分类待挖掘网络入侵的数据类型,并赋予不同标签,便于网络安全状态的数据检测与管理。仿真结果表明,上述方法入侵数据挖掘数量优势明显;数据挖掘效率受数据规模和最小支持度影响较小;数据挖掘运行时间和关联规则数量受最小置信度阈值和最小支持度阈值影响较大,最小置信度阈值是0.55、最小支持度阈值是0.5时,该方法挖掘效率最高。

At present, most of the network intrusion data mining methods are based on the Apriori algorithm, but these algorithms have the problems of large data load, high redundancy and low efficiency. Therefore, this paper presented a method of mining network intrusion data based on an improved Apriori algorithm. In this paper, the extension theory was adopted to improve the Apriori algorithm. Firstly, we established MEOM functions, calculated the threshold distance between intrusion behavior and normal behavior, and then compared it with the standard threshold to mine network intrusion data. On this basis, we improved the algorithm of generating classification rules to classify the data types, and gave different labels to the data of network intrusion to be mined. It is convenient for data detection and management of network security status. The following conclusions can be drawn from simulation results. The proposed method has a significant advantage in the number of intrusion data mining. The data mining efficiency is less affected by data size and minimum support. The running time of data mining and the number of association rules are greatly affected by the minimum confidence threshold and minimum support threshold. In addition, the mining efficiency is the highest when the minimum confidence threshold is 0.55 and the minimum support threshold is 0.5.