Association Rule Mining Technology Improvements in Computer Forensics
|Course||Computer Software and Theory|
|Keywords||Improved Apriori algorithm Association rules Improved weightedassociation rules Weighted frequent itemsets|
The21st century is an age of information, with the life of information technology, computer crime become more and more common, a serious impact on social stability. How to fight against computer criminals, to curb the phenomenon of such crimes, has become the focus of the work of law enforcement agencies, and similar to the general case, the evidence of a crime cases detected, therefore, how to extract evidence of computer crime, so that it can be recognized as legal is the focus of the work. Traditional research methods are limited to traditional means such as keyword search, comparative analysis, and only manual operation, a heavy workload and low efficiency and poor notary. Data mining techniques extract useful information from vast amounts of data, with a highly efficient and intelligent. With the help of data mining techniques, applied it to the application of computer forensics to help extract the evidence of computer crime, and thus improve the efficiency of the investigation of cases.(1) This paper first introduces the relevant knowledge of computer forensics and data mining, the necessity and feasibility of a combination of both.(2) In order to dig out the evidence related to computer crime in the vast amounts of data, improve the efficiency of detection of cases. This paper presents a sort-based Apriori algorithm which is on the basis of Apriori algorithm. Traditional Apriori algorithm, when L (k-1) self-connection generates Ck, the larger number of itemsets, the larger number of comparisons, the lower the efficiency of the algorithm. When the less number of occurrences of L (k-1) in the project, generate less item of candidate itemsets Ck, the smaller number of comparisons, so in the Apriori algorithm based on the sort of connection step, first, the items in the L(k-1) sorted in accordance with number of occurrences in increasing order, then in accordance with Apriori algorithm to generate Ck operation. In this way, reducing the number of itemsets of Ck, improve the efficiency of the algorithm, also to overcome defects of Apriori algorithm:When the number of frequent itemsets very large, will generate large candidate sets. This algorithm applied to computer forensics and more efficient.(3) The traditional association rule mining algorithm think that each item is equally important, equal treatment on all items, while the weighted association rules give each item a weight to represent the importance of the item. In this paper, to address the particularity of public business, importance of each case is different, importance of various clues and evidences in a case are different, the proposed improved weighted association rules algorithm can not only consider the number of items, but also consider importance of the item to make it more in line with the actual situation computer forensics work. By theoretical analysis and experiments prove that the improved weighted association rule mining algorithm has higher better performance.