Anomaly Extraction Using Association Rule Mining

Today network security, uptime and performance of network are important and serious issue in computer network. Anomaly is deviation from normal behavior which is factor that affects on network security. So Anomaly Extraction which detects and extracts anomalous flow from network is requirement of network operator. Anomaly extraction refers to automatically finding in a large set of flows observed during an anomalous time interval, the flows associated with the anomalous event(s). It is important for root cause analysis, network forensics, and attack mitigation and anomaly modeling. We use meta data provided by several histogram based detectors to identify suspicious flows, and then apply association rule mining to find and summarize anomalous flows. Using Histogram based detector to identify anomalies and then applying Association rule mining, anomalies will be extracted. Apriori and FP Growth algorithm will be used to generate the set of rule applied on metadata. Using traffic data from a network this technique effectively finds the flow associated with the anomalous event(s). it triggers a very small number of false positives, which exhibit specific patterns and can be sorted out by an administrator this anomaly extraction method significantly reduces the work hours needed for analyzing alarms, making anomaly detection systems more practical.