The Technologies of Association Rule Learning and Feedback and the Study on Their Applications of Network Security Audit System

【Author】 杨仁华 (Yang Renhua)

【Advisor】 刘培玉 (Liu Peiyu)

【Author information】 Shandong Normal University, Computer Software and Theory, 2010, Master's degree

【Abstract】 With the rapid development of computer technology, microelectronics, communication technology and other sciences and technologies, and especially the development of the Internet with its vast information resources and its fast, convenient and efficient way of delivering information, the network has become an important tool in people's study and day-to-day life. However, computer viruses, hackers and other uncertain dangers continue to threaten the security of information on the network, while also testing people's ability to deal with network dangers and protect network security.

Network security audit plays an important role in the process of network security management, and it is a function that a secure network environment must support. At present, the network security audit systems for network data that are widely used at home and abroad are based on expert feature detection methods. Their merit is that they can accurately identify and judge already known dangerous behavior patterns; their defects include low detection efficiency and poor automatic adaptation capability when auditing unknown behaviors. Association rule learning is a new kind of knowledge discovery method and has become an important research direction in network security audit.

This thesis first studies the status quo, the current problems and the development trends of network security audit at home and abroad, and describes the related concepts and measures of association rules. It then studies the classical Apriori algorithm, the FP-Growth algorithm and the ideas behind related improved algorithms in association rule learning, with a particular focus on the Apriori algorithm. Apriori searches for frequent item sets in transaction database D by iterative, layer-by-layer search. The algorithm is easy to understand and to implement, but it has two vital defects: it needs N scans of database D during the whole process, and it produces a large number of candidate frequent item sets.

To address the defects of Apriori, this thesis puts forward an improved matrix-based association rule learning algorithm, characterized by needing only one scan of the transaction database during the whole learning process and by producing no candidate frequent item sets. The improved algorithm scans database D once and converts the relationship between transaction Tm and data item Ik into a matrix structure Matrix(i*j), using the Boolean values 1 and 0 to indicate whether data item Ik is included in transaction Tm. The core idea of the improved algorithm is to perform a logical AND operation on the row vectors (Ik&Ii) of the Boolean matrix, count the 1s in the result and compare the count with the minimum support to obtain the corresponding frequent item sets. The improved algorithm applies corresponding pruning to the results of the AND operation, mines frequent k-item sets on the basis of the frequent 1-item sets, and then generates valid association rules according to the related measures.

Next, the thesis runs simulation experiments on the improved association rule learning algorithm and the classical Apriori algorithm. The results show that the improved algorithm can effectively reduce the time and space complexity of association rule learning.

Finally, based on the core idea of the improved association rule learning algorithm, this thesis designs and implements simple models of network security audit. The experiments show that the improved association rule learning algorithm performs better in terms of the automatic adaptive capacity of network security audit, achieving the expected effect.
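The following Python sketch is an added example, not code from the thesis. It is one reading of the matrix-based procedure in the abstract: each item row of the Boolean matrix is held as an integer bitmask, and support is counted by ANDing rows. The session data, attribute names and thresholds are constructed for illustration.

```python
from itertools import combinations

# Constructed audit sessions (transactions Tm); each is a set of attributes (items Ik).
SAMPLE_SESSIONS = [
    {"ftp", "login_fail", "off_hours"},
    {"ftp", "login_fail", "off_hours"},
    {"http", "login_ok"},
    {"ftp", "login_fail"},
    {"http", "login_ok", "off_hours"},
    {"ftp", "login_fail", "off_hours"},
]

def ones(vec):
    """Count the 1s in a row vector stored as an integer bitmask."""
    return bin(vec).count("1")

def build_matrix(transactions):
    """Single scan of D: one row per item, bit m set when the item is in Tm."""
    rows = {}
    for m, transaction in enumerate(transactions):
        for item in transaction:
            rows[item] = rows.get(item, 0) | (1 << m)
    return rows

def frequent_itemsets(transactions, min_support):
    """Return {sorted item tuple: support count} without rescanning D."""
    rows = build_matrix(transactions)
    # Frequent 1-item sets are the starting point for every larger set.
    level = {(i,): v for i, v in sorted(rows.items()) if ones(v) >= min_support}
    items = [k[0] for k in level]
    found = {}
    while level:
        found.update({k: ones(v) for k, v in level.items()})
        nxt = {}
        for itemset, vec in level.items():
            for item in items:
                if item > itemset[-1]:          # extend in sorted order only
                    joined = vec & rows[item]   # logical AND of row vectors
                    if ones(joined) >= min_support:   # prune infrequent results
                        nxt[itemset + (item,)] = joined
        level = nxt
    return found

def association_rules(freq, min_conf):
    """Rules lhs -> rhs with confidence = support(itemset) / support(lhs)."""
    rules = []
    for itemset, supp in freq.items():
        for r in range(1, len(itemset)):
            for lhs in combinations(itemset, r):
                conf = supp / freq[lhs]
                if conf >= min_conf:
                    rhs = tuple(i for i in itemset if i not in lhs)
                    rules.append((lhs, rhs, conf))
    return rules
```

With a minimum support count of 3 and a minimum confidence of 0.9, the constructed sessions yield rules such as `("ftp", "off_hours") -> ("login_fail",)`, the kind of learned pattern an audit system could feed back into its rule base.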

  • 【Classification number】 TP311.13; TP393.08
  • 【Times cited】 4
  • 【Downloads】 175