
    Please use this permanent URL to cite or link to this document: http://ir.lib.ncu.edu.tw/handle/987654321/93114


    Title: A Study on Optimizing Next-Generation Firewall Rules Using Data Mining Techniques; Optimize NGFW policy rules using data mining techniques
    Author: 楊豐銘; Yang, Feng-Ming
    Contributor: Department of Information Management, In-service Master Program
    Keywords: next generation firewall; data mining; association rules; policy management; change mining
    Date: 2023-06-27
    Upload time: 2024-09-19 16:42:48 (UTC+8)
    Publisher: National Central University
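    Abstract: Since the COVID-19 pandemic swept the world, it has not only changed the way everyone works but also accelerated the pace of enterprise digital transformation. Faced with large numbers of cloud network services and threats, enterprise network security is increasingly important. A firewall is the key device for ensuring network security: it inspects the contents of network packets and, according to the enterprise's policy rules, decides whether to allow or block network connections.
    Compared with the functional limits of traditional firewalls, the next-generation firewall (NGFW) can identify applications at layer 7 of the Open Systems Interconnection model, which greatly improves its ability to filter network packet content, and it has therefore become the mainstream enterprise firewall today. However, as enterprise networks grow, the number of policy rules in the NGFW increases day by day, which lowers packet-filtering performance. Under excessive network traffic the NGFW is easily paralyzed, so optimizing NGFW policy rules becomes an important measure for improving network security.
    This study performs data mining on NGFW log data. NGFW log data are collected and stored in Splunk. After reviewing domestic and international literature on firewall rule optimization, association rule algorithms are chosen to analyze the log data and find frequent feature rules, for example the network services frequently used in the logs and the blocked destination addresses. In addition, these rules are adjusted through change mining: association rules generated from daily continuous traffic and from weekly traffic are each used to consolidate the current firewall rules. Finally, the change in NGFW performance is examined to confirm that firewall performance can be improved.
    Compared with earlier research, this thesis analyzes NGFW log data rather than traditional firewall log data. The results show that adding the application attribute to the analysis helps to discover key firewall rules. The method shows better efficiency in firewall rule management and makes it easier to update and optimize NGFW policy rules in the enterprise.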
    English abstract: Since COVID-19 swept the world, it has not only changed the way everyone works but also accelerated the pace of digital transformation of enterprises. In the face of a large number of network services and threats, the network security of enterprises has become more and more important. The firewall is a key device to ensure network security by checking the content of network data packets and deciding whether to allow or block network connections according to corporate policy rules. Compared with the limitations of traditional firewall functions in the past, the next-generation firewall (NGFW) can recognize Open Systems Interconnection model layer 7 applications, greatly improving the content filtering capabilities of network packets, and has thus become the mainstream of today's enterprise firewalls. However, as the scale of the enterprise expands, the number of policy rules in the NGFW increases rapidly, which reduces the filtering performance of network packets and causes the problem that the NGFW function is easily paralyzed by a large amount of traffic.
    This study uses NGFW log data for data mining. First, NGFW log data are collected and stored in Splunk. After referring to domestic and foreign literature on firewall rule optimization, association rules are used to analyze the log data to find frequent feature rules, such as frequently used network services in the logs, blocked destination addresses, etc. In addition, through change mining, these rules are adjusted, and the association rules generated by one-day continuous traffic and multi-week traffic are respectively used to integrate the current firewall policy rules. Finally, the changes in NGFW performance are discussed to confirm that the approach can improve the performance of the firewall.
    Compared with previous scholars' research, this paper uses NGFW log records for analysis. Compared with previous research, the research results can find abnormal policy rules, applications, and attack sources. The approach used demonstrates superior efficiency in terms of policy rule management, making it easier to update and optimize firewall policy rules in the enterprise.
    Appears in collection: [Department of Information Management, In-service Master Program] Theses and Dissertations
