
Computer Engineering ›› 2010, Vol. 36 ›› Issue (22): 170-172. doi: 10.3969/j.issn.1000-3428.2010.22.061

• Security Technology •

Association Rules Algorithm of Intrusion Record Based on Cluster Matrixes

PENG Jian, WANG Xiao-ling

  1. (College of Information Science and Engineering, Central South University, Changsha 410083, China)
  • Online: 2010-11-20 Published: 2010-11-18
  • About the authors: PENG Jian (1976-), female, master's student, main research interest: network intrusion detection; WANG Xiao-ling, professor
  • Funding:
    National Natural Science Foundation of China (60773013)

Abstract: Existing association rule algorithms are analyzed, and an association rule algorithm for intrusion detection logs based on Cluster Matrixes (CM) is proposed. When the database or the minimum support changes, the algorithm only needs to scan the changed data to obtain the new frequent itemsets. Experiments and analysis of the algorithm show that it scans the database only once, generates frequent k-itemsets quickly, and saves time. It improves the efficiency of association rule mining on intrusion detection log databases and meets the needs of real-time intrusion detection systems.

Key words: Cluster Matrixes (CM), association vector, intrusion detection, itemset matrix, association rules
