The Application of Apriori Algorithm for Network Forensics Analysis

With frequently network attack crimes, it causes serious economic loss and bad social influence. Network security products are practically impossible to guard against intrusion methods, network forensics is needed. The massive network data must be captured and analyzed in network forensics, and the data is often related, the application of Apriori algorithm is proposed for network forensics analysis. After capturing and filtering network data package, and the Apriori algorithm is used to mine the association rules according to the evidence relevance to build and update signature database of offense, current user behavior is judged legal or not through pattern match results of user behavior and association rules which are stored in databases. The crime behaviors are saved in evidence database, which can be used as primitive evidence for network forensics. Simulation results show that the application of Apriori algorithm can raise the speed, exactitude and intelligence of data analysis for network forensics, the application can help to resolve the real-time, efficient and adaptable problems in network forensics.