Applying Association Rule of the Data Mining Method for the Network Event Analysis.

Network event analysis gives useful information on the network status that helps protect from attacks. It involves finding sets of frequently used packet information such as IP addresses and requires real-time processing by its nature. This paper applies association rules to network event analysis. Originally association rules used for data mining can be applied to find frequent item sets. So, if frequent items occur on networks, information system can guess that there is a threat. But existed association rules such as Apriori algorithm are not suitable for analyzing network events on real-time due to the high usage of CPU and memory and thus low processing speed. This paper develops a network event audit module by applying association rules to network events using a new algorithm instead of Apriori algorithm. Test results show that the application of the new algorithm gives drastically low usage of both CPU and memory for network event analysis compared with existing Apriori algorithm. [ABSTRACT FROM AUTHOR]