Journal of Theoretical and Applied Information Technology
Frequent network attack crimes cause serious economic loss and harmful social influence. Because network security products cannot practically guard against every intrusion method, network forensics is needed. Network forensics requires capturing and analyzing massive amounts of network data, and this data is often interrelated, so the application of the Apriori algorithm to network forensics analysis is proposed. After network data packets are captured and filtered, the Apriori algorithm is used to mine association rules according to evidence relevance, in order to build and update a signature database of offenses. Current user behavior is then judged legal or not from the results of pattern matching that behavior against the association rules stored in the databases.
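The pipeline described above (mine association rules with Apriori, keep them as an offense signature database, then pattern match current behavior against them) can be illustrated with the following added example, which is not code from the paper. The session attributes, the `label=` item, and the support and confidence thresholds are assumptions chosen for the illustration.

```python
from itertools import combinations

# Constructed sample: each filtered session is a set of attribute=value items.
SESSIONS = [
    {"proto=tcp", "dport=23", "flag=S0", "label=offense"},
    {"proto=tcp", "dport=23", "flag=S0", "label=offense"},
    {"proto=tcp", "dport=23", "flag=S0", "label=offense"},
    {"proto=tcp", "dport=80", "flag=SF", "label=normal"},
    {"proto=tcp", "dport=80", "flag=SF", "label=normal"},
    {"proto=udp", "dport=53", "flag=SF", "label=normal"},
    {"proto=tcp", "dport=23", "flag=SF", "label=normal"},
]

def apriori(transactions, min_support):
    """Return {frozenset: support} for every frequent itemset."""
    n = len(transactions)
    support = lambda s: sum(s <= t for t in transactions) / n
    level = {frozenset([i]) for t in transactions for i in t}
    frequent, k = {}, 1
    while level:
        kept = {s: support(s) for s in level if support(s) >= min_support}
        frequent.update(kept)
        k += 1
        # Join step: merge frequent (k-1)-itemsets into k-item candidates.
        cands = {a | b for a in kept for b in kept if len(a | b) == k}
        # Prune step: every (k-1)-subset must itself be frequent.
        level = {c for c in cands
                 if all(frozenset(s) in kept for s in combinations(c, k - 1))}
    return frequent

def offense_rules(frequent, min_conf):
    """Rules 'antecedent -> label=offense', kept as the signature database."""
    rules = {}
    for itemset, sup in frequent.items():
        if "label=offense" in itemset and len(itemset) > 1:
            ante = itemset - {"label=offense"}
            conf = sup / frequent[ante]  # ante is frequent by downward closure
            if conf >= min_conf:
                rules[ante] = conf
    return rules

def is_offense(session, rules):
    """Pattern match: flag a session that contains any rule antecedent."""
    return any(ante <= session for ante in rules)

# Assumed thresholds; the page gives none.
FREQUENT = apriori(SESSIONS, min_support=0.4)
RULES = offense_rules(FREQUENT, min_conf=0.9)
```

Updating the signature database amounts to re-running the mining step over the extended session set; a rule such as `dport=23 -> offense` is dropped here because one normal session to port 23 lowers its confidence to 0.75.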