A Study on Data Mining for Firewall Policy Management
Date Issued
2007
Date
2007
Author(s)
Chang, Keng-Wei
DOI
zh-TW
Abstract
Motivation: The firewall is the most widely used network security mechanism in enterprises. Because the network environment changes dynamically, firewall policy rules must be constantly revised and adapted to keep the intranet secure. The problem we address is how to apply data mining technology to analyze firewall logs and assist network administrators in improving firewall efficiency and safeguarding the network.
Method: We apply association rule mining to analyze network logs and detect anomalous behaviors, such as connections that appear frequently within a short period from the same source IP address and port. From these anomalous behaviors we can infer useful, up-to-date and efficient firewall policy rules. Compared with the method proposed by K. Golnabi et al. at NOMS 2006, we use incremental mining to handle the continually changing traffic log data and so improve analysis efficiency. Moreover, our approach analyzes not only high-frequency network log entries but also other significant security factors, making the whole system more practical and effective.
Results: In this thesis we have developed a fast algorithm to optimize execution performance. Experimental results show that the execution efficiency of our proposed method is significantly better than that of the traditional method when dealing with large log files.
Subjects
Data Mining
Association Rule
Firewall
Policy Management
Fast Algorithm
Type
thesis
File(s)
Name
ntu-96-R94525051-1.pdf
Size
23.53 KB
Format
Adobe PDF
Checksum
(MD5): 07ecb9ba6fff26563966419970fdba83
