Associating IDS Alerts by an Improved Apriori Algorithm

Among a large number of association rule mining algorithms, Apriori algorithm is the most classic one, but the Apriori algorithm has three deficiencies, namely: the need for scanning databases many times, generating a large number of Candidate Anthology, as well as frequent itemsets iteratively. The paper presents a method that solves the maximal frequent itemsets through one intersection operation. The degree of support is obtained through the times of intersection without having to scan the transaction database, by numbering some of the properties to reduce memory space and search the candidate set list easily, thereby enhancing the efficiency of the algorithm. Finally, it can generate association rules for Intrusion Detection System. Experimental results show that the optimized algorithm can effectively improve the efficiency of mining association rules.