Snort Log Analysis With Data Mining And Visualization
with the growing sophistication of cyber attacks, it has become necessary to combine techniques such as data
mining into cyber security. However, the utilization of techniques such as association rule mining is still an open challenge
in the context of cyber security. This study proposes the use of association rule mining to be applied to Snort logs before
signature matching as primary check in order to detect intrusions. With association rules, it is possible to gain valuable
insight within Snort logs in order to find key relationships. On the other hand, given that a large number of logs can be
generated in Snort, this creates a possibility for identifying a large number of association rules which can make the process
of analysis challenging for a user. Therefore, this study extends itself to integrate the process of association rule mining with
data visualization to create a better representation of patterns discovered.
Index Terms— Association Rule Mining, Data Visualization, Intrusion Detection.