Assignment title: Information


Anomaly Extraction in the Network Using Association Rule Mining

Aim of the project: Identify an anomaly in the network traffic during a time interval and find the flows associated with the event(s) that triggered the observed anomaly.

Description of the project in short: In this paper, we observe the network traffic for a time interval t and identify anomalies using a histogram detector. When an anomaly is detected, we build clones of the histogram detector and find the suspicious flows that cause the anomaly in the network. We then filter this data to eliminate a large fraction of the normal flows. A summary report of the frequent item-sets in the set of suspicious flows is generated by applying association rule mining.

Existing System: Identifying network anomalies is critical for the timely mitigation of events, like attacks or failures, that can affect the security and performance of a network. Traditional approaches to anomaly detection use attack signatures built into an Intrusion Detection System (IDS) that can identify attacks with known patterns. Significant research efforts have focused on building IDSs and, therefore, related production systems are presently employed in many networks. Although signature-based detection finds most known attacks, it fails to identify new attacks and other problems that have not appeared before and do not have known signatures.

Proposed System: Our system contains three different phases. The first is a histogram detector that observes the network traffic and alerts the system when an anomaly is detected. The second phase is histogram cloning, which confirms the anomaly detection and finds the suspicious flows in the network traffic. The third phase applies an association rule mining algorithm, i.e. Apriori, to find the frequent item-sets.

Process Summary:
1] Form a network between computers or laptops.
2] The histogram detector observes the network for a certain interval.
3] On anomaly detection, form clones of the histogram and find the suspicious flows in the network.
4] Apply the Apriori algorithm to these suspicious flows.
5] Find the frequent item-sets in the set of suspicious flows.

Algorithms:-

Apriori Algorithm: The standard algorithm for discovering frequent item-sets is the Apriori algorithm. Apriori computes in each round the support for all candidate -item-sets. At the end of each round, the item-sets with frequency above the minimum support parameter are selected. The frequent item-sets of round are used in the next round to construct candidate -item-sets. The algorithm stops when no -item-sets with frequency above the minimum support are found.

Ck : candidate item-set of size k
Lk : frequent item-set of size k

    L1 = {frequent items};
    for (k = 1; Lk != Ø; k++) do begin
        Ck+1 = candidates generated from Lk;
        for each transaction t in database do
            increment the count of all candidates in Ck+1 that are contained in t
        Lk+1 = candidates in Ck+1 with minimum support
    end
    return ∪k Lk

Operating Environment:-

a) S/W Specification
Operating System : Windows XP / Windows Vista / Windows 7.
Development End : JAVA
IDE : Eclipse
Tool : JCreator

b) H/W Specification
Processor : PIV - 500 MHz to 3.0 GHz.
RAM : 1 GB.
Disk : 20 GB.
Monitor : Any Color Display.
Key Board : Standard Windows Keyboard

Design and Implementation Constraints:- We are required to form a network between n computers or laptops. We will form network traffic for a certain interval of time only. Security considerations, design conventions and programming standards have been maintained.

Assumption and Dependencies:- Our system will not work on a single machine. It depends on multiple machines connected with each other in the network. We assume that the server acts as a router in our system and observes all the traffic in the network.

Modules Information:-
Module1: Design the Graphical User Interface (GUI) for our system with client and server.
Module2: Build the histogram detector to observe the traffic on the network and detect anomalies.
Module3: Find the suspicious flows in the network traffic that cause the anomaly in the network.
Module4: Implement the Apriori algorithm and find the frequent item-sets.

Project Plan:-

Modules     Code Delivery date     Code delivered in (Percentage) %
Module 1                           25%
Module 2                           50%
Module 3                           75%
Module 4                           100%
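
The Apriori step described under Algorithms, applied to a set of suspicious flows, as an added example that is not the project's own code. It assumes each flow is one transaction whose items are (field, value) pairs; the field names, the sample flows and the choice to report only maximal item-sets are assumptions made for this illustration.

```python
from itertools import combinations

def apriori(transactions, min_support):
    """Return {frozenset(items): support count} for every frequent item-set."""
    transactions = [frozenset(t) for t in transactions]
    counts = {}
    for t in transactions:                       # L1: count single items
        for item in t:
            key = frozenset([item])
            counts[key] = counts.get(key, 0) + 1
    level = {s: c for s, c in counts.items() if c >= min_support}
    frequent, k = dict(level), 1
    while level:
        # C(k+1): join frequent k-item-sets; prune candidates that contain
        # an infrequent k-subset (no superset of an infrequent set is frequent).
        candidates = set()
        for a, b in combinations(level, 2):
            union = a | b
            if len(union) == k + 1 and all(
                    frozenset(sub) in level for sub in combinations(union, k)):
                candidates.add(union)
        # One pass over the transactions to count each surviving candidate.
        counts = {c: sum(1 for t in transactions if c <= t) for c in candidates}
        level = {s: c for s, c in counts.items() if c >= min_support}
        frequent.update(level)
        k += 1
    return frequent

def summarize(flows, min_support):
    """Mine the flows; report maximal frequent item-sets, largest support first."""
    found = apriori([set(f.items()) for f in flows], min_support)
    # Assumption of this example: drop item-sets contained in a larger frequent one.
    maximal = [s for s in found if not any(s < other for other in found)]
    return sorted(((sorted(s), found[s]) for s in maximal), key=lambda r: -r[1])

# Constructed sample (documentation address ranges, hypothetical field names):
# six flows from distinct sources to one host and port, plus two unrelated flows.
SUSPICIOUS_FLOWS = [
    {"src_ip": "192.0.2.%d" % i, "dst_ip": "198.51.100.7",
     "dst_port": 80, "proto": "TCP"} for i in range(1, 7)
] + [
    {"src_ip": "192.0.2.50", "dst_ip": "198.51.100.9", "dst_port": 53, "proto": "UDP"},
    {"src_ip": "192.0.2.51", "dst_ip": "198.51.100.9", "dst_port": 443, "proto": "TCP"},
]

if __name__ == "__main__":
    for items, support in summarize(SUSPICIOUS_FLOWS, min_support=5):
        print(support, items)
```

With a minimum support of 5 the report collapses to a single item-set naming the common destination, port and protocol, which is the kind of summary the frequent item-set phase is meant to give an operator.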