Using Association Rule to Establish a Security Notification Model

Master's === Chung Yuan Christian University === Graduate Institute of Information Management === 106 === With the growing popularization of information communication technology and the Internet, information communication technology has become an important part of everyone's daily life. Information communication technology not only changes human beh...


Bibliographic Details
Main Authors: Bing-Hua Lan, 藍秉華
Other Authors: KUO-CHENG LEE
Format: Others
Language: zh-TW
Published: 2018
Online Access: http://ndltd.ncl.edu.tw/handle/sdf2z4
id ndltd-TW-106CYCU5396014
record_format oai_dc
spelling ndltd-TW-106CYCU5396014 2019-10-31T05:22:11Z http://ndltd.ncl.edu.tw/handle/sdf2z4 Using Association Rule to Establish a Security Notification Model 運用關聯規則建立資安通報模型 Bing-Hua Lan 藍秉華 Master's Chung Yuan Christian University Graduate Institute of Information Management 106 KUO-CHENG LEE 李國誠 2018 thesis 64 zh-TW
collection NDLTD
sources NDLTD
description Master's === Chung Yuan Christian University === Graduate Institute of Information Management === 106 === With the growing popularization of information communication technology and the Internet, information communication technology has become an important part of everyone's daily life. Information communication technology not only changes human behavior, but also results in threats to cyber security from political, economic, societal, technological, and military aspects. TWCERT/CC is a non-governmental organization responsible for the reporting of and response to non-governmental cyber security incidents in Taiwan. Due to the huge number of incidents received every day, TWCERT/CC faces several challenges, including low efficiency, a high error rate, and sometimes incorrect data statistics. Therefore, it seeks a solution for better organization and categorization of report data. In this research, we aim to analyze the incident reports TWCERT/CC received in 2017. As data preprocessing, we first standardize the data format of the incident reports to ensure data consistency. We then extract at most three layers of hierarchical keywords from the report description using word frequency analysis, combine the retrieved keywords with other attributes, and finally split the dataset into a training set (70%) and a validation set (30%). The prediction model is then learned from association rules mined using the Apriori algorithm. Finally, we evaluate the prediction model with the validation set. We proved that the learned model is able to classify incident reports accurately, and thus can help TWCERT/CC improve operational efficiency and decrease potential human errors in the future.