Background: Association rule mining plays a vital role in predicting the attacks and generating the firewall rules automatically. Data mining techniques discover the knowledge by counting the frequently occurring items, whereas most of the real-world datasets are non-uniform containing both frequently and relatively rarely occurring items. This paper discusses about how to generate the automatic firewall rules to detect anomalies using multiple minimum support. Methods: Mining association rules based on single minimum support approach suffers from the dilemma known as ‘rare item problem’ it requires multiple scans of database which increase the load and time consuming. To avoid this problem Multiple Minimum Support with Probability based approach (MMSP) is used to generate rules. Findings: To create a model of current user behavior from the dataset the probability will be compute with threshold value and the alarm will be raised accordingly. By using MMSP, the number of false alarm are reduced during intrusion detection and automatic firewall rules will be generated.
Keywords
Apriori, Firewall, Intrusion Detection, Minimum Support, Probability Approach, Rare Association Mining.
User
Information