Skip to Main Content
In a local area network (LAN) where users are relatively stable, the usage patterns of systems and working habits are also stable. This character implies that there exist many rules in corresponding network applications. By intercepting all the frames in the LAN and pre-processing the collected data, association rules mining techniques can be used to extract association rules from the network data. These rules can latter be effectively applied to network anomaly detection in the LAN. This paper discusses the method of using association rules mining in anomaly detection of LAN, and analyzes its working principle. We give a detailed discussion on several steps, including the method of data acquisition and preprocessing, association rules mining, the usage of similarity to determine whether the network behavior conform to the extracted association rules and the detection of anomalous behaviors. Finally, the corresponding experimental results are given.