CN105868328A - Method and device for log association analysis - Google Patents
Method and device for log association analysis Download PDFInfo
- Publication number
- CN105868328A CN105868328A CN201610181715.0A CN201610181715A CN105868328A CN 105868328 A CN105868328 A CN 105868328A CN 201610181715 A CN201610181715 A CN 201610181715A CN 105868328 A CN105868328 A CN 105868328A
- Authority
- CN
- China
- Prior art keywords
- item
- path
- log recording
- bit vector
- longest path
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/242—Query formulation
- G06F16/2425—Iterative querying; Query formulation based on the results of a preceding query
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/034—Test or assess a computer or a system
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Mathematical Physics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Computational Linguistics (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- Debugging And Monitoring (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses a method and device for log association analysis. In an embodiment, the generation sequence of a candidate item set is changed based on the association rule mining algorithm of a depth-first search tree, a maximum frequent item set is preferably looked for, and mining of the frequent item set is converted into discovery of the maximum frequent item set.
Description
Technical field
The present invention is broadly directed to data mining technology, it particularly relates to for log correlation analysis method and
Device.
Background technology
Association analysis is the data mining technology of a kind of practicality, finds the connection between the different item in data acquisition system
System.Such as, association analysis can be to find in transaction data base the contact between different commodity.Thus, it is possible to
By finding the contact between the different commodity in its shopping basket of client, analyze the buying habit of client.
Apriori algorithm is the frequent item set (Frequent of a kind of Mining Association Rules (Association Rule)
Itemset) algorithm, it uses the iterative search method of breadth First.This algorithm is according to support (Support)
Find out all frequent item sets (frequency) and produce correlation rule (intensity) according to confidence level (Confidence).
Support (A-> B), represents that in all events, existing A has again the probability of B, P (AB);Confidence level (A-> B)
Represent that the probability of B occurs in the event occur A simultaneously, and P (B | A)=P (AB)/P (A).Apriori algorithm
Target is the rule finding and meeting minimum support threshold value and minimal confidence threshold, i.e. strong rule.The mistake of algorithm
Journey includes, finds out frequent 1 collection set L1 L1 and looks for frequent 2 set L2, then looks for L3 with L2,
Circulate successively, until frequent k item collection can not be found.Here, frequent k item collection degree of referring to is more than
The item collection including k item of little support threshold.In above process, by Connection Step from frequent k-1 item
Collection Lk-1 is connected with self and produces candidate k item collection Ck, and got rid of by beta pruning step can not be at Lk
In candidate.
But, Apriori algorithm, in the iterative process performing " connection-beta pruning ", needs Multiple-Scan data
Storehouse, increases I/O load.
Summary of the invention
A kind of method for log correlation analysis, including: bit vector signal generating unit, for for each
Whether the log recording occurred as event, indicate this in corresponding day for each generation in log recording
The bit vector occurred in will record, wherein, the i-th bit of the bit vector of item instruction 0 this Xiang Wei of expression is the
Occurring in i log recording, instruction 1 represents that this occurs in i-th log recording;Non-directed graph signal generating unit,
For building non-directed graph with the item in log recording for node, all items two occurred in one of them log recording
There is limit, path searching unit between two, be used for finding the longest path in this non-directed graph, this longest path bag
Include k item, it is judged that unit, the bit vector of the item on this longest path carried out and operation, and according to operation
Result in the quantity of numerical value 1 judge whether the k item collection on this longest path constitutes maximum frequent itemsets.
A kind of device for log correlation analysis, including: bit vector signal generating unit, for making for each
Whether the log recording occurred for event, indicate this in corresponding daily record for each generation in log recording
The bit vector occurred in record, wherein, i-th bit instruction 0 this Xiang Wei of expression of the bit vector of an item is i-th
Occurring in individual log recording, instruction 1 represents that this occurs in i-th log recording;Non-directed graph signal generating unit,
For building non-directed graph with the item in log recording for node, all items two occurred in one of them log recording
There is limit, path searching unit between two, be used for finding the longest path in this non-directed graph, this longest path bag
Include k item, it is judged that unit, the bit vector of the item on this longest path carried out and operation, and according to operation
Result in the quantity of numerical value 1 judge whether the k item collection on this longest path constitutes maximum frequent itemsets.
According to one embodiment of present invention, the traversal in audit log data storehouse is had and for once, it is possible to subtract
The most unnecessary few repetition is compared, and improves the efficiency of log correlation analysis.
According to one embodiment of present invention, when audit log data storehouse and minimum support update, it is not necessary to
Rescan database and just can complete the renewal in audit log correlation rule storehouse, thus improve digging of correlation rule
Pick efficiency.
According to one embodiment of present invention, association rules mining algorithm based on DFS tree can change
Become the generation order of candidate, greatly reduced the quantity of the candidate of generation, and simplify affairs
The replacement problem of frequent item set when database update and minimum support change.
According to one embodiment of present invention, it is possible to substantial amounts of audit log data is associated rule digging,
It appeared that valuable information in cloud resource management platform, effectively realize system intrusion detection, find in time
Security breaches in system and internal malicious act.
When reading in conjunction with the accompanying following description it will also be understood that the further feature of embodiments of the invention and advantage, its
Middle accompanying drawing shows the principle of embodiments of the invention by means of example.
Accompanying drawing explanation
Fig. 1 is the schematic diagram of the method for log correlation analysis according to an embodiment of the invention.
Fig. 2 is the non-directed graph produced according to the example in table 1.
Fig. 3 is the method searching frequent item set based on DFS tree according to an embodiment of the invention
Schematic diagram.
Fig. 4 is the schematic diagram of the device for log correlation analysis according to an embodiment of the invention.
Detailed description of the invention
Hereinafter, the principle that invention will be described in conjunction with the embodiments.It should be appreciated that the embodiment be given
It is intended merely to those skilled in the art be more fully understood that and put into practice the present invention rather than limit the model of the present invention
Enclose.Therefore, the implementation detail comprised in this specification is not necessarily to be construed as maybe to be required the scope of invention
The restriction of the scope of protection, but the description specific to embodiment should be considered.
Fig. 1 is the schematic diagram of the method for log correlation analysis according to an embodiment of the invention.This is real
Execute example to attempt to find maximum frequent itemsets.The maximum frequent itemsets obtained can be used for the item in log recording
Associate with particular event, dynamically detecting system invasion.As it is shown in figure 1, each step of method is as described below.
In step 110, the bit vector about the item in log recording is produced.Send out as event for each
Raw log recording, for each generation instruction in log recording, whether this goes out in corresponding log recording
Existing bit vector, wherein, i-th bit instruction 0 this Xiang Wei of expression of the bit vector of an item remembers in i-th daily record
Occurring in record, instruction 1 represents that this occurs in i-th log recording.
As example, table 1 below illustrates database journal record sheet according to an embodiment of the invention.At this
In table, log recording one event of instruction.
Log recording | ? |
1 | I2、I3 |
2 | I1、I2、I5 |
3 | I1、I2、I4 |
4 | I1、I3 |
5 | I1、I2、I3 |
6 | I2、I4 |
7 | I2、I3 |
8 | I1、I2、I3、I5 |
9 | I1、I3 |
Table 1
In described step 110, for each log recording 1-9, produce respective bit vector for item I1-I5.
According to expression, bit vector as shown in table 2 below can be produced:
? | Bit vector |
I1 | 011110011 |
I2 | 111011110 |
I3 | 100110111 |
I4 | 001001000 |
I5 | 010000010 |
Table 2
Such as, the bit vector 011110011 of I1 indicates it to occur in journal record 2-5,8-9.
In the step 120, non-directed graph is built with the item in log recording for node.Define in a log recording
There is limit between any two in all items occurred.Accordingly, for the example in table 1, in log recording 1
Item I2 and I3 has limit, and item I1, I2, I5 in log recording 2 have limit between any two, etc..Fig. 2
It it is the non-directed graph produced according to the example in table 1.
In step 130, finding the longest path of this non-directed graph, this longest path includes k item.Show at one
In example, find longest path according to depth-first traversal algorithm.
In step 140, according to the bit vector of the item on longest path, it is judged that whether its collection constitutes maximum frequency
Numerous collection.The bit vector of the item on this longest path is carried out and operation, and according to in the result of operation
The quantity of numerical value 1 judges whether the k item collection on this longest path constitutes maximum frequent itemsets.
In the illustrated example shown in fig. 2, finding out longest path is I2-I4-I1-I3-I6, to the item in this longest path
Bit vector carry out with operation, result is 000000000.This means that all items on this paths are the most same
Shi Yi log recording occurs.That is, the k item collection on this longest path cannot constitute maximum frequent itemsets.
In one example, when the support of the item collection judged on this longest path is less than threshold value, according to this nothing
Finding vice-minister path to figure and this longest path, this longest path includes k-1 item, to the item on this vice-minister path
Bit vector carry out and operation, and judge this vice-minister road according to the quantity of numerical value 1 in the result of operation
Whether the k-1 item collection on footpath constitutes maximum frequent itemsets.Vice-minister road is searched by non-directed graph and this longest path
Too much candidate can be avoided producing in footpath, and then improves the efficiency searching maximum frequent itemsets.By that analogy,
Until k is equal to 1.
Fig. 3 is the method searching frequent item set based on DFS tree according to an embodiment of the invention
Schematic diagram.In this embodiment, based on DFS tree (Frequent Items mining based on
Depth-First tree, is abbreviated as FIDF-tree) association rules mining algorithm change change candidate product
Raw order, preferably finds maximum frequent itemsets, the Mining Problems of frequent item set is converted into discovery maximum frequent set
Collection.
As it is shown on figure 3, each step of method is as described below.
In the step 310, initial parameter is set, such as support threshold, confidence threshold value etc..
In step 320, every bit vector is generated.Can produce about daily record as described in abovementioned steps 110
The bit vector of the item in record.The each characteristic value in item log recording in log recording, such as source IP address,
Purpose IP address, COS, connection status etc..
In a step 330, according to the relevance between every, build double loop networks.
In step 340, k tree is generated.
According to one embodiment of present invention, the structure of FIDF-tree is defined as follows: tree root is defined as " NULL ",
Candidate I1, I2, I3 ..., IS} is expressed as from the child V1 of root node to leaf node VS in tree
Path on node.Non-leaf node comprises an attribute: the title of item.Leafy node comprises two attributes:
The support of the title candidate corresponding with this leafy node.Candidate I1, I2, I3 ..., IS}
Item collection path refer to from the child I1 of root node traversal until leaf node Is in tree.From I1 to Is
Path is by limit (I1, I2), (I2, I3) ..., node sequence I1 that (IS-1, IS) couples together, I2,
I3 ..., IS, and sequence do not exist the node of repetition.If the candidate in FIDF-tree represented by path
Maximum length be k, then this FIDF-tree is referred to as k-FIDF-tree.
In described step 330, first create a root node root, be designated NULL, then according to deep
Degree priority algorithm traversal double loop networks, finds out the longest path, the first stalk tree of structure root.If now institute
Some nodes accessed the most, then k-FIDF-tree construction complete, continued from other nodes not accessed the most again
Search vice-minister path, as another subtree of root node, until all nodes are the most accessed.Finally by item collection
The bit vector of all items occurred in path carries out AND operation, obtains the support of this collection, and marks
Second attribute for the leafy node in this path.
In step 350, it is judged that whether the support of leafy node is more than minimum support threshold value.If it is,
Export maximum frequent itemsets the most in step 360.This maximum frequent itemsets is more than minimum support threshold by support
The all of item in the path at the place of the leafy node of value is constituted.In the DFS tree of structure, any
The nonvoid subset of frequent item set must be frequent item set, and the superset of any nonmatching grids must be non-frequent episode
Collection.In this embodiment, on the basis of run-down database, preferentially go for maximum frequent itemsets, therefore,
When database and support threshold change, it is not required to rescan database, improves association rule mining
Efficiency, and the demand of real-time can be met.
In step 350, it is judged that whether the support of leafy node is more than minimum support threshold value.If it does not,
The most in step 370, (k-1)-FIDF-tree is generated.In step 370, for the item of k-FIDF-tree
Collection path, obtains subset k-1 candidate,.Wherein, for each candidate, build (k-1) subtree,
I-th layer of tree node of subtree is set up in the position occurred according to i-th element in k-1 candidate, if new in traversal
Occur in that on a certain layer position during tree new node then by the middle surplus element of this candidate by suitable
Sequence connects into tree and joins in subtree.
Enter back into step 350, it is judged that whether the support of the leafy node in (k-1)-FIDF-tree is more than
Little support threshold.If it is, export maximum frequent itemsets in step 360.If it is not, then again enter
Enter step 370, the path of advantage collection in (k-1)-FIDF-tree, seek the Son item set of a length of (k-2).
Repeat step 370 and 350, until there being the support of leafy node to meet support threshold.
Fig. 4 is the schematic diagram of the device for log correlation analysis according to an embodiment of the invention.At this
In embodiment, device includes bit vector signal generating unit 410, non-directed graph signal generating unit 420, path searching unit
430, judging unit 440.
Bit vector signal generating unit 410 is configured to the log recording occurred for each as event, remembers for daily record
This bit vector whether occurred in corresponding log recording of each generation instruction in record, wherein, one
I-th bit instruction 0 this Xiang Wei of expression of the bit vector of item occurs in i-th log recording, and instruction 1 expression is somebody's turn to do
Item occurs in i-th log recording.
Non-directed graph signal generating unit 420 is configured to build non-directed graph with the item in log recording for node, one of them
There is limit between any two in all items occurred in log recording.
Path searching unit 430 is configured to find the longest path in this non-directed graph, and this longest path includes k item.
Judging unit 440 be configured to the bit vector of the item on this longest path is carried out with operation, and according to
The quantity of the numerical value 1 in the result of operation judges whether the k item collection on this longest path constitutes maximum frequent set
Collection.
In another embodiment, judge that the support of the item collection on this longest path is less than when judging unit 440
During threshold value, path searching unit 430 is further configured to find vice-minister road according to this non-directed graph and this longest path
Footpath, this vice-minister path includes that k-1 item, described judging unit are further configured to the item on this vice-minister path
Bit vector carry out and operation, and judge this vice-minister road according to the quantity of numerical value 1 in the result of operation
Whether the k-1 item collection on footpath constitutes maximum frequent itemsets.
Each frame shown in Fig. 1 and Fig. 3 can be considered method step and/or be considered owing to running computer journey
Sequence code and the operation that causes and/or be considered the logic circuit unit being configured to implement multiple couplings of correlation function
Part.Although operation is depicted the most in the drawings, but this is understood not to require according to shown spy
Definite sequence or perform these operations in sequential order, or requires that the operation of all illustrations is performed, to reach reason
The result thought.In some cases, multi-task parallel process is probably favourable.
Exemplary embodiment can be implemented in hardware, software, or a combination thereof.Such as, certain aspects of the invention
Can implement within hardware, other side then can be implemented in software.Although the exemplary embodiment of the present invention
Aspect can be shown and described as block diagram, flow chart, but is well understood that, these devices described herein,
Or method can be implemented as functional module in as the system of limiting examples.Additionally, said apparatus should not
It is understood to require to carry out in all of the embodiments illustrated this separation, and should be understood that described program groups
Part and system generally can be integrated in single software product or be packaged into multiple software product.
Those skilled in the relevant art's aforementioned exemplary when reading in conjunction with the accompanying aforementioned specification, to the present invention
Various amendments and the deformation of embodiment can become obvious for those skilled in the relevant art.Therefore, the present invention
Embodiment is not limited to disclosed specific embodiment, and variation and other embodiments are intended in appended power
In the range of profit requires.
Claims (4)
1. the device for log correlation analysis, it is characterised in that including:
Bit vector signal generating unit, for the log recording occurred as event for each, in log recording
Each this bit vector whether occurred in corresponding log recording of generation instruction, wherein, an item
Bit vector i-th bit instruction 0 expression this Xiang Wei occurs in i-th log recording, instruction 1 represent this
I-th log recording occurs;
Non-directed graph signal generating unit, for building non-directed graph with the item in log recording for node, one of them daily record
There is limit between any two in all items occurred in record,
Path searching unit, for finding the longest path in this non-directed graph, this longest path includes k item,
Judging unit, is carried out and operation the bit vector of the item on this longest path, and according to the knot with operation
The quantity of the numerical value 1 in Guo judges whether the k item collection on this longest path constitutes maximum frequent itemsets.
2. device as claimed in claim 1, it is characterised in that
When described judging unit judges the support of the item collection on this longest path less than threshold value, described path is looked into
Looking for unit to be further configured to according to this non-directed graph and this longest path and find vice-minister path, this vice-minister path is wrapped
Including k-1 item, described judging unit is further configured to carry out the bit vector of the item on this vice-minister path and behaviour
Make, and judge that the k-1 item collection on this vice-minister path is according to the quantity with the numerical value 1 in the result of operation
No composition maximum frequent itemsets.
3. the method for log correlation analysis, it is characterised in that including:
The log recording occurred as event for each, indicates this for each generation in log recording
The bit vector whether occurred in corresponding log recording, wherein, the i-th bit instruction 0 of the bit vector of an item
Representing that this Xiang Wei occurs in i-th log recording, instruction 1 represents that this occurs in i-th log recording;
Non-directed graph is built for node, all items two occurred in one of them log recording with the item in log recording
Limit is there is between two,
Finding the longest path in this non-directed graph, this longest path includes k item,
The bit vector of the item on this longest path is carried out and operation, and according to the numerical value in the result of operation
The quantity of 1 judges whether the k item collection on this longest path constitutes maximum frequent itemsets.
4. method as claimed in claim 3, it is characterised in that
When the support of the item collection judged on this longest path is less than threshold value, according to this non-directed graph and this longest path
Vice-minister path is found in footpath, and this vice-minister path includes k-1 item, the bit vector of the item on this vice-minister path is carried out with
Operation, and judge the k-1 item collection on this vice-minister path according to the quantity with the numerical value 1 in the result of operation
Whether constitute maximum frequent itemsets.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610181715.0A CN105868328B (en) | 2016-03-28 | 2016-03-28 | Method and apparatus for log correlation analysis |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610181715.0A CN105868328B (en) | 2016-03-28 | 2016-03-28 | Method and apparatus for log correlation analysis |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105868328A true CN105868328A (en) | 2016-08-17 |
CN105868328B CN105868328B (en) | 2019-05-10 |
Family
ID=56626048
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610181715.0A Active CN105868328B (en) | 2016-03-28 | 2016-03-28 | Method and apparatus for log correlation analysis |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105868328B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107835087A (en) * | 2017-09-14 | 2018-03-23 | 北京科东电力控制系统有限责任公司 | A kind of safety means alarm regulation extraction method based on Frequent Pattern Mining |
CN112199344A (en) * | 2020-10-14 | 2021-01-08 | 杭州安恒信息技术股份有限公司 | Log classification method and device |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102043851A (en) * | 2010-12-22 | 2011-05-04 | 四川大学 | Multiple-document automatic abstracting method based on frequent itemset |
CN103593400A (en) * | 2013-12-13 | 2014-02-19 | 陕西省气象局 | Lightning activity data statistics method based on modified Apriori algorithm |
CN103678530A (en) * | 2013-11-30 | 2014-03-26 | 武汉传神信息技术有限公司 | Rapid detection method of frequent item sets |
-
2016
- 2016-03-28 CN CN201610181715.0A patent/CN105868328B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102043851A (en) * | 2010-12-22 | 2011-05-04 | 四川大学 | Multiple-document automatic abstracting method based on frequent itemset |
CN103678530A (en) * | 2013-11-30 | 2014-03-26 | 武汉传神信息技术有限公司 | Rapid detection method of frequent item sets |
CN103593400A (en) * | 2013-12-13 | 2014-02-19 | 陕西省气象局 | Lightning activity data statistics method based on modified Apriori algorithm |
Non-Patent Citations (1)
Title |
---|
王政伟等: "一种基于图的关联规则挖掘改进算法", 《计算机工程与科学》 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107835087A (en) * | 2017-09-14 | 2018-03-23 | 北京科东电力控制系统有限责任公司 | A kind of safety means alarm regulation extraction method based on Frequent Pattern Mining |
CN107835087B (en) * | 2017-09-14 | 2022-09-02 | 北京科东电力控制系统有限责任公司 | Automatic extraction method of alarm rule of safety equipment based on frequent pattern mining |
CN112199344A (en) * | 2020-10-14 | 2021-01-08 | 杭州安恒信息技术股份有限公司 | Log classification method and device |
CN112199344B (en) * | 2020-10-14 | 2024-03-19 | 杭州安恒信息技术股份有限公司 | Log classification method and device |
Also Published As
Publication number | Publication date |
---|---|
CN105868328B (en) | 2019-05-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Yu et al. | A survey on social media anomaly detection | |
Hemalatha et al. | Minimal infrequent pattern based approach for mining outliers in data streams | |
Choudhury et al. | A selectivity based approach to continuous pattern detection in streaming graphs | |
CN105760443B (en) | Item recommendation system, project recommendation device and item recommendation method | |
Duan et al. | Root cause analysis approach based on reverse cascading decomposition in QFD and fuzzy weight ARM for quality accidents | |
Hońko | Association discovery from relational data via granular computing | |
Jung et al. | Analyzing future communities in growing citation networks | |
Thakur et al. | Detection of malicious URLs in big data using RIPPER algorithm | |
CN105868328A (en) | Method and device for log association analysis | |
Lu et al. | A unified link prediction framework for predicting arbitrary relations in heterogeneous academic networks | |
Chadokar et al. | Optimizing network traffic by generating association rules using hybrid apriori-genetic algorithm | |
Stattner et al. | Descriptive modeling of social networks | |
Sinha et al. | Identification of best algorithm in association rule mining based on performance | |
CN106844553A (en) | Data snooping and extending method and device based on sample data | |
Pandey et al. | Mining on relationships in big data era using improve apriori algorithm with MapReduce approach | |
Li et al. | A two-stage community search method based on seed replacement and joint random walk | |
Alodah et al. | Combining gradient boosting machines with collective inference to predict continuous values | |
Nembhard et al. | Extracting knowledge from open source projects to improve program security | |
KR102146526B1 (en) | Query classification method for database intrusion detection | |
Liu et al. | Significant-attributed Community Search in Heterogeneous Information Networks | |
Dagnely et al. | Ontology-driven multilevel sequential pattern mining: mining for gold in event logs of photovoltaic plants | |
Harne et al. | Mining of Association Rules: A Review Paper | |
Zhao et al. | Directed clonal selection algorithm for associative classification | |
Duggirala et al. | Mining Positive and Negative Association Rules Using CoherentApproach | |
Al-Ammal | A Review of Machine Learning Techniques for Anomaly Detection in Static Graphs |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |