Analysis of Network User Behaviors Based on Data Mining Theory
基于数据挖掘的用户安全行为分析*

By using protocol decoding technology, the system can get detailed information about monitored user. Then, the method based on data-mining theory is taken to extract association rules from the information. These rules combined with other statistical data will form the pattern of the monitored user. Empirical results show that we can provided with the capability of extracting user patterns and identifying them in the network. On the other hand, this method also can detect large scale intrusion such as worms.