Sequential Pattern Mining Algorithm And Its Application In The Cloud Forensics Research

With the rapid development of computer and network technology, they bring people allkinds of convenience, however, a variety of network security problems have emerged. In view ofthese problems, various measures have been taken to reduce the occurrence of network securityproblems such as firewall technology, intrusion detection technology, data encryption, accesscontrol. But when the measures above have been broken, what needed to do is to backupforensics the computer which is attacked, to recovery the files and logs which are deleted, and toobtain evidence. So computer forensics technology becomes an important measure to deal withnetwork security problems.At present, crime technology using computer is increasing constantly, computer forensicstechnology which is being used can hardly protect the data of enterprises and institutionseffectively, and its efficiency is too low when it deals with large logs, so cloud computing isintroduced into computer forensics. Cloud Forensics Model is constructed by using collaborationtechnology, the mutual cooperation of the host and server clusters which are used in logprocessing in the evidence analysis process is strengthened, and the computer forensics work isfinished with the minimize cost, the forensics time is shorten and the efficiency of the forensicsis improved, and sequential pattern mining which is an important research direction in datamining can be used in Cloud Forensics, then evidence needed can be obtained. The majorresearch work is as follows:1. Study the related content and key technology of cloud computing technology andcomputer forensics technology deeplyDiscuss the key technology which contains virtualization technology, the distributedprocessing technology, mass distributed storage technology, collaboration technology of cloudcomputing, study static forensics technology and dynamic forensics technology of computerforensics, and focus on static forensics technology containing data acquisition techniques, diskimage copy technology, disk clashes and anti-erase technology, keyword research, integritychecking library, file attributes checksum, thumbnail analysis, and dynamic forensics technologycontaining intrusion detection technology, honeypot technology, artificial immune technology.2. Propose Sequential Patterns Mining Based on Improved PrefixSpan algorithm SPMIPPrefixSpan algorithm is discussed at first, then the main advantage and disadvantage of thealgorithm is analyzed, and according to the problems of producing huge amount of projectdatabases, Sequential Patterns Mining Based on Improved PrefixSpan algorithm SPMIP isproposed. This algorithm can reduce the scale of projected databases and the time of scanningprojected databases through adding the pruning step and reducing the scanning of certain specificsequential patterns production, and algorithm efficiency can be well improved.3. Introduce cloud computing into computer forensics to construct Cloud Forensics ModelConstruct Cloud Forensics Model by using collaboration technology, which can improvethe autonomy and intelligent of data collection in computer forensics, strengthen the mutualcooperation of the host and server clusters which are used in log processing in the evidenceanalysis process, and get computer evidence which is not easy to get by the single machine by The cloud forensics cooperation analysis, then series up evidence to form evidence chain throughthe time, and finish the computer forensics work with the minimize cost, only in this way theforensics time is shorten and the efficiency of the forensics is improved.4. Applied Sequential Patterns Mining algorithm to cloud forensics, Designed and impliedcloud forensics systemBased on the designed Cloud Forensics Model, Applied Sequential Patterns Miningalgorithm to data mining, and find the time series of the intrusion by Sequential Patterns Mining,then obtain the time and event sequence features of network crime, and finally achieve cloudforensics system. After testing, this system runs reliably, steadily, effectively, conveniently, caneffectively achieve evidence which is needed.