dc.description.abstract | Since COVID-19 swept the world, it has not only changed the way everyone works but also accelerated the pace of digital transformation in enterprises. Faced with a large number of network services and threats, enterprise network security has become more and more important. The firewall is a key device for ensuring network security: it inspects the content of network packets and decides whether to allow or block network connections according to corporate policy rules. Compared with the functional limitations of traditional firewalls, the next-generation firewall (NGFW) can recognize layer 7 (application layer) applications of the Open Systems Interconnection model, greatly improving its packet content filtering capability, and has thus become the mainstream enterprise firewall today. However, as an enterprise grows, the number of policy rules in the NGFW increases rapidly, which degrades packet filtering performance and makes the NGFW prone to being overwhelmed by a large amount of traffic.
This study applies data mining to NGFW log data. First, NGFW log data are collected and stored in Splunk. After reviewing domestic and foreign literature on firewall rule optimization, association rules are used to analyze the log data to find frequent feature rules, such as frequently used network services in the logs, blocked destination addresses, etc. In addition, through change mining, these rules are adjusted, and the association rules generated from one day of continuous traffic and from multi-week traffic are respectively used to integrate with the current firewall policy rules; finally, the resulting changes in NGFW performance are discussed to confirm that the approach improves firewall performance.
Compared with previous scholars' research, this paper analyzes NGFW log records, and its results can identify abnormal policy rules, applications, and attack sources. The approach demonstrates superior efficiency in policy rule management, making it easier to update and optimize firewall policy rules in the enterprise. | en_US |