Abstract

Association rule mining is widely used in network intrusion detection. This paper extracts the important feature attributes of the denial of service attack records in the KDDCup99 data set and, with the help of Weka, mines association rules between the different attributes; the results have reference significance for further study of intrusion detection and prevention. The mined association rules reflect the relationships between different attributes, support the next step of establishing an effective and adaptive intrusion detection system, and have very broad application prospects.

Introduction

As the Internet occupies an increasingly important position in our lives, it is very obvious that site operators are also under increasingly serious threat from DoS (Denial of Service) attacks [1]. A malicious user sends multiple authentication requests to the server until it is fully loaded, and the return addresses of all the requests are forged. When the server attempts to send the authentication results back to the user, it cannot find these users. In this case, the server has to wait until the connection times out before closing it [2]. During this period the attacker continually sends bogus requests until the server is overloaded and cannot provide normal services.
Association rule mining algorithm

Association rule mining, a concept presented by R. Agrawal, R. Imielinski and Swami in 1993, is an important field of data mining research [3][4]. Association rules identify potential associations between the data items described in a database, finding useful dependencies among large amounts of previously unknown data. Supermarket bar code scanners are used to collect a large number of transactions, and each transaction produces a detailed list of all the shopping information; association rules are derived from the analysis of this customer transaction data. Operators are always interested in which commodities are bought together, so that based on this information they can make the store layout more reasonable, arrange commodity classification rationally, and determine the types of customer buying patterns by implementing promotional activities.

Definition 1 Let $I = \{I_1, I_2, \ldots, I_m\}$ be a collection of data items and let $D$ be the collection of all transactions [5]. A transaction $T$ has a unique identifier TID. If items, transaction $T$ is said to support item set $A$, which is also described as transaction $T$ containing item set $A$.

Definition 2 An association rule is an implication of the form $A \Rightarrow B$, where $A \subseteq I$, $B \subseteq I$, and $A \cap B = \emptyset$.

The support of the association rule $A \Rightarrow B$ is defined as:

$$\mathrm{support}(A \Rightarrow B) = \frac{\mathrm{support}(A \cup B)}{N} \times 100\%$$

and its credibility is defined as:

$$\mathrm{confidence}(A \Rightarrow B) = \frac{\mathrm{support}(A \cup B)}{\mathrm{support}(A)} \times 100\%$$

Support is a measure of the importance of an association rule, indicating the probability that the rule appears across all transactions; the greater the support, the more important the association rule. Credibility is a measure of the accuracy of the association rules that are drawn.

5th International Conference on Education, Management, Information and Medicine (EMIM 2015). © 2015. The authors. Published by Atlantis Press.
Definition 3 Support and confidence are required to be greater than the thresholds set by the user (i.e., the minimum support threshold and the minimum confidence threshold), that is:

$$\mathrm{support}(A \Rightarrow B) \geq \mathrm{min\_sup}, \qquad \mathrm{confidence}(A \Rightarrow B) \geq \mathrm{min\_conf}$$

Rules that meet both conditions are called strong association rules; otherwise they are known as weak rules. Strong association rules are the useful rules that researchers seek.

Research on association rule algorithms has produced the Apriori algorithm, which generates candidate frequent itemsets, the FPGrowth algorithm, which generates no candidate frequent itemsets, and a variety of improvements based on these algorithms.

Denial of service attacks association rule mining

Data preprocessing.

Weka, in full the Waikato intelligence analysis environment (Waikato Environment for Knowledge Analysis), is a Java-based open source project for data mining and knowledge discovery; its developers are Ian H. Witten from the University of Waikato, New Zealand, and Eibe Frank. After years of development, Weka is now one of the most comprehensive data mining tools and is recognized as one of the most famous open source data mining projects [6]. In this paper, the experimental data come from the KDDCup99 subset KDDCUP.data_10_percent [7]. This subset has 494,021 records, of which 391,458 are denial of service attack records, accounting for 79.24%. The attacks are classified into six attack types: land (21 records), pod (264 records), teardrop (979 records), back (2203 records), neptune (107201 records) and smurf (280790 records).
Each record in the KDDCup99 dataset contains 41 fixed feature attributes followed by an attack type identifier. We select the first 13 feature attributes (duration, protocol_type, service, flag, src_bytes, dst_bytes, land, wrong_fragment, urgent, hot, num_failed_logins, logged_in, num_compromised) together with the final attack type attribute, which serves as the class, and delete the remaining 28 feature attributes. The KDDCup99 dataset, held as an Excel xls file, is saved in CSV format and then converted to the ARFF format that Weka recognizes; continuous numeric attributes are grouped and converted into discrete categorical attributes, as shown in Figure 1.
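
Definitions 2 and 3 applied to records prepared as the preprocessing paragraph describes, as an added example that is not the authors' Weka workflow. The sample records are constructed, and the discretization bins, the thresholds and the helper names (`discretize`, `to_transaction`, `strong_rules`, `kdd_line`) are assumptions; the code enumerates class rules directly instead of running Apriori.

```python
from itertools import combinations

# The 13 attributes the paper keeps; the other 28 features are dropped.
ATTRS = ["duration", "protocol_type", "service", "flag", "src_bytes",
         "dst_bytes", "land", "wrong_fragment", "urgent", "hot",
         "num_failed_logins", "logged_in", "num_compromised"]
SYMBOLIC = {"protocol_type", "service", "flag", "land", "logged_in"}

def discretize(value):
    # Assumed bins; the paper's own grouping is only shown in its Figure 1.
    v = float(value)
    return "zero" if v == 0 else "low" if v <= 1000 else "high"

def to_transaction(line):
    # One KDDCup99 CSV record (41 features + label) -> set of attr=value items.
    f = line.strip().rstrip(".").split(",")
    items = {f"{a}={v if a in SYMBOLIC else discretize(v)}"
             for a, v in zip(ATTRS, f[:13])}
    return frozenset(items | {"class=" + f[-1]})

def count(itemset, transactions):
    return sum(1 for t in transactions if itemset <= t)

def strong_rules(transactions, min_sup, min_conf, max_len=2):
    # Rules A => {class=c} that satisfy both thresholds of Definition 3.
    n = len(transactions)
    items = sorted(set().union(*transactions))
    feats = [i for i in items if not i.startswith("class=")]
    classes = [i for i in items if i.startswith("class=")]
    rules = {}
    for k in range(1, max_len + 1):
        for a in map(frozenset, combinations(feats, k)):
            n_a = count(a, transactions)
            for c in (classes if n_a else []):  # skip antecedents never seen
                n_ab = count(a | {c}, transactions)
                sup, conf = n_ab / n, n_ab / n_a
                if sup >= min_sup and conf >= min_conf:
                    rules[(tuple(sorted(a)), c)] = (sup, conf)
    return rules

def kdd_line(first13, label):
    # Constructed record: first-13 layout as in the paper, zero filler after.
    return ",".join(first13.split(",") + ["0"] * 28 + [label]) + "."

SAMPLE = ([kdd_line("0,icmp,ecr_i,SF,1032,0,0,0,0,0,0,0,0", "smurf")] * 4
          + [kdd_line("0,tcp,private,S0,0,0,0,0,0,0,0,0,0", "neptune")] * 3
          + [kdd_line("0,tcp,http,SF,181,5450,0,0,0,0,0,1,0", "normal")] * 2
          + [kdd_line("0,icmp,ecr_i,SF,30,0,0,0,0,0,0,0,0", "normal")])
RULES = strong_rules([to_transaction(l) for l in SAMPLE], 0.3, 0.9)
```

On this sample, `service=ecr_i` alone reaches only 80% confidence for smurf and is rejected as a weak rule, while adding `src_bytes=high` to the antecedent yields a strong rule.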
