Abstract (English)
Since COVID-19 swept the world, it has not only changed the way everyone works but also accelerated the digital transformation of enterprises. Facing a large number of network services and threats, enterprise network security has become ever more important. The firewall is a key device for ensuring network security: it inspects the content of network packets and decides whether to allow or block a connection according to the corporate policy rules. Compared with the limited functions of traditional firewalls, the next-generation firewall (NGFW) can recognize applications at layer 7 of the Open Systems Interconnection model, which greatly improves packet content filtering and has made it the mainstream enterprise firewall today. However, as an enterprise grows, the number of policy rules in the NGFW increases rapidly, which reduces packet filtering performance and leaves the NGFW liable to be overwhelmed by a large volume of traffic.
This study applies data mining to NGFW log data. First, NGFW logs are collected and stored in Splunk. After reviewing the domestic and foreign literature on firewall rule optimization, association rules are applied to the log data to find frequent feature rules, such as the network services used most often and the destination addresses blocked most often. These rules are then adjusted through change mining: association rules generated from one day of continuous traffic and from several weeks of traffic are each used to consolidate the current firewall policy rules, and the resulting change in NGFW performance is examined to confirm that the approach improves firewall performance.
Unlike earlier studies, this work analyzes NGFW log records, and its results can identify abnormal policy rules, applications and attack sources. The approach is more efficient for policy rule management, making it easier to update and optimize firewall policy rules in the enterprise.
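The mining pipeline the abstract describes, frequent feature rules from NGFW logs followed by change mining between a one-day window and a multi-week baseline, as an added Python example. It is not code from the thesis and does not use Splunk: the log rows are constructed sample values, the field names, rule ids and destination addresses are assumptions, and the growth-rate criterion for change mining follows the Dong and Li paper in the reference list.

```python
from collections import Counter
from itertools import combinations

# Constructed NGFW session logs (sample values, not real data). Each row is
# (destination, application, action, matched policy rule); the source address
# is left out because it is too sparse to mine in a sample this small.
FIELDS = ("dst", "app", "action", "rule")

def records(rows):
    return [dict(zip(FIELDS, r)) for r in rows]

# One day of traffic: a burst of SSH sessions to one host that rule R12 blocks.
LOGS_DAY = records([
    ("203.0.113.5", "web-browsing", "allow", "R7"),
    ("203.0.113.5", "ssl", "allow", "R7"),
    ("203.0.113.9", "ssh", "deny", "R12"),
    ("203.0.113.9", "ssh", "deny", "R12"),
    ("203.0.113.9", "ssh", "deny", "R12"),
    ("203.0.113.9", "ssh", "deny", "R12"),
    ("203.0.113.5", "web-browsing", "allow", "R7"),
    ("203.0.113.20", "dns", "allow", "R2"),
    ("203.0.113.20", "dns", "allow", "R2"),
    ("203.0.113.9", "ssh", "deny", "R12"),
])

# Multi-week baseline: mostly web and DNS traffic, a single blocked SSH session.
LOGS_WEEKS = records([
    ("203.0.113.5", "web-browsing", "allow", "R7"),
    ("203.0.113.5", "ssl", "allow", "R7"),
    ("203.0.113.7", "ssl", "allow", "R7"),
    ("203.0.113.20", "dns", "allow", "R2"),
    ("203.0.113.20", "dns", "allow", "R2"),
    ("203.0.113.5", "web-browsing", "allow", "R7"),
    ("203.0.113.9", "ssh", "deny", "R12"),
    ("203.0.113.7", "ssl", "allow", "R7"),
    ("203.0.113.20", "dns", "allow", "R2"),
    ("203.0.113.30", "web-browsing", "allow", "R7"),
])

def transactions(logs):
    """One transaction per log record: the set of its 'field=value' items."""
    return [frozenset(f"{f}={rec[f]}" for f in FIELDS) for rec in logs]

def support_count(trans, itemset):
    return sum(1 for t in trans if itemset <= t)

def apriori(trans, min_support):
    """Level-wise Apriori; returns {frozenset(items): support as a fraction}."""
    n = len(trans)
    counts = Counter(item for t in trans for item in t)
    level = {frozenset({i}): c / n for i, c in counts.items() if c / n >= min_support}
    frequent, k = dict(level), 2
    while level:
        candidates = {a | b for a, b in combinations(level, 2) if len(a | b) == k}
        # Downward closure: keep a candidate only if all its (k-1)-subsets are frequent
        candidates = {c for c in candidates
                      if all(frozenset(s) in level for s in combinations(c, k - 1))}
        level = {c: s for c in candidates
                 if (s := support_count(trans, c) / n) >= min_support}
        frequent.update(level)
        k += 1
    return frequent

def association_rules(frequent, min_confidence):
    """X -> Y for every split of a frequent itemset; confidence = sup(X u Y) / sup(X)."""
    rules = []
    for itemset, sup in frequent.items():
        for r in range(1, len(itemset)):
            for ante in map(frozenset, combinations(itemset, r)):
                conf = sup / frequent[ante]          # every subset is frequent too
                if conf >= min_confidence:
                    rules.append((ante, itemset - ante, sup, conf))
    return sorted(rules, key=lambda x: (-x[3], -x[2], sorted(x[0])))

def emerging_patterns(frequent_new, trans_new, trans_old, min_growth):
    """Change mining via growth rate (after Dong and Li): frequent patterns of the
    new window whose support is at least min_growth times that in the old window."""
    out = {}
    for itemset in frequent_new:
        c_new, c_old = support_count(trans_new, itemset), support_count(trans_old, itemset)
        growth = float("inf") if c_old == 0 else (c_new * len(trans_old)) / (c_old * len(trans_new))
        if growth >= min_growth:
            out[itemset] = growth
    return out

def rule_hit_order(logs):
    """Policy rules by hit count, most-matched first: the reordering candidate list."""
    counts = Counter(rec["rule"] for rec in logs)
    return [r for r, _ in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))]

if __name__ == "__main__":
    day, weeks = transactions(LOGS_DAY), transactions(LOGS_WEEKS)
    freq = apriori(day, min_support=0.3)
    for ante, cons, sup, conf in association_rules(freq, 0.9)[:5]:
        print(f"{sorted(ante)} -> {sorted(cons)}  sup={sup:.2f} conf={conf:.2f}")
    for itemset, g in emerging_patterns(freq, day, weeks, 2.0).items():
        print(f"emerging ({g:.1f}x):", sorted(itemset))
    print("suggested rule order:", rule_hit_order(LOGS_DAY))
```

With the sample data, the day window yields the rule `app=ssh -> action=deny` with confidence 1.0, the four-item pattern `{ssh, deny, 203.0.113.9, R12}` is flagged as emerging with a growth rate of 5 against the multi-week baseline, and `rule_hit_order` proposes moving R12 ahead of R7 and R2. That order is only a candidate: in a first-match policy, two rules whose match conditions overlap cannot be swapped without changing which traffic is allowed, so each proposed move has to be checked against rule overlap before it is deployed.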
References
Chinese-language sources
丘國富 (2011) ‘防火牆安全策略之研析’, 陸軍通資半年刊, pp. 47–58.
馬磊 (2021) ‘試論電腦網路安全與防火牆技術’, 新型工業化, pp. 253–254.
徐新偉 (2021) ‘防火牆技術在電腦網路安全中運用分析’, 中國寬頻, pp. 17–18.
楊亞澄 (2016) ‘運用關聯規則於提升防火牆效率之研究’, 資訊管理學報, 23(3), pp. 277–304.
孫佳, 苗春雨 and 劉博 (2022) 網路安全大資料分析與實戰. 機械工業出版社.
English-language sources
Ahmed, Z. and Askari, S.M. (2018) ‘Firewall Rule Anomaly Detection: A Survey’. Rochester, NY. Available at: https://papers.ssrn.com/abstract=3361145 (Accessed: 31 December 2022).
Bala, P.K. (2010) ‘Mining changes in purchase behavior in retail sale with products as conditional part’, in 2010 IEEE 2nd International Advance Computing Conference (IACC). 2010 IEEE 2nd International Advance Computing Conference (IACC), pp. 78–81. Available at: https://doi.org/10.1109/IADCC.2010.5423033.
Bringhenti, D. and Valenza, F. (2022) ‘Optimizing distributed firewall reconfiguration transients’, Computer Networks, 215, p. 109183. Available at: https://doi.org/10.1016/j.comnet.2022.109183.
Djenouri, Y. and Comuzzi, M. (2017) ‘Combining Apriori heuristic and bio-inspired algorithms for solving the frequent itemsets mining problem’, Information Sciences, 420, pp. 1–15. Available at: https://doi.org/10.1016/j.ins.2017.08.043.
Golnabi, K. et al. (2006) Analysis of Firewall Policy Rules Using Data Mining Techniques, p. 315. Available at: https://doi.org/10.1109/NOMS.2006.1687561.
Hadjadj, T.E. et al. (2022) ‘Optimization of parallel firewalls filtering rules’, International Journal of Information Security, 21(2), pp. 323–340. Available at: https://doi.org/10.1007/s10207-021-00557-4.
Hamilton, R. et al. (2020) ‘Deep Packet Inspection in Firewall Clusters’, in 2020 28th Telecommunications Forum (TELFOR). 2020 28th Telecommunications Forum (TELFOR), pp. 1–4. Available at: https://doi.org/10.1109/TELFOR51502.2020.9306651.
Hanguang, L. and Yu, N. (2012) ‘Intrusion Detection Technology Research Based on Apriori Algorithm’, Physics Procedia, 24, pp. 1615–1620. Available at: https://doi.org/10.1016/j.phpro.2012.02.238.
Hidayanto, B.C. et al. (2017) ‘Network Intrusion Detection Systems Analysis using Frequent Item Set Mining Algorithm FP-Max and Apriori’, Procedia Computer Science, 124, pp. 751–758. Available at: https://doi.org/10.1016/j.procs.2017.12.214.
Jadhav, P.P. (2021) ‘11 - Advanced data mining for defense and security applications’, in D. Binu and B.R. Rajakumar (eds) Artificial Intelligence in Data Mining. Academic Press, pp. 223–241. Available at: https://doi.org/10.1016/B978-0-12-820601-0.00009-4.
Khan, S. and Parkinson, S. (2018) ‘Eliciting and utilising knowledge for security event log analysis: An association rule mining and automated planning approach’, Expert Systems with Applications, 113, pp. 116–127. Available at: https://doi.org/10.1016/j.eswa.2018.07.006.
Khoumsi, A., Erradi, M. and Krombi, W. (2018) ‘A formal basis for the design and analysis of firewall security policies’, Journal of King Saud University - Computer and Information Sciences, 30(1), pp. 51–66. Available at: https://doi.org/10.1016/j.jksuci.2016.11.008.
Khummanee, S., Khumseela, A. and Puangpronpitag, S. (2013) ‘Towards a new design of firewall: Anomaly elimination and fast verifying of firewall rules’, in The 2013 10th International Joint Conference on Computer Science and Software Engineering (JCSSE). The 2013 10th International Joint Conference on Computer Science and Software Engineering (JCSSE), pp. 93–98. Available at: https://doi.org/10.1109/JCSSE.2013.6567326.
Lee, H. et al. (2021) ‘HSViz: Hierarchy Simplified Visualizations for Firewall Policy Analysis’, IEEE Access, 9, pp. 71737–71753. Available at: https://doi.org/10.1109/ACCESS.2021.3077146.
Liu, A.X. (2009) ‘Firewall policy verification and troubleshooting’, Computer Networks, 53(16), pp. 2800–2809. Available at: https://doi.org/10.1016/j.comnet.2009.07.003.
Malecki, F. (2012) ‘Next-generation firewalls: security with performance’, Network Security, 2012(12), pp. 19–20. Available at: https://doi.org/10.1016/S1353-4858(12)70114-9.
Mohan, R. et al. (2018) ‘On optimizing firewall performance in dynamic networks by invoking a novel swapping window–based paradigm’, International Journal of Communication Systems, 31(15), p. e3773. Available at: https://doi.org/10.1002/dac.3773.
Rastogi, R. and Bansal, M. (2023) ‘Diabetes prediction model using data mining techniques’, Measurement: Sensors, 25, p. 100605. Available at: https://doi.org/10.1016/j.measen.2022.100605.
Ren, M. et al. (2020) ‘Research on abnormal traffic diagnosis based on deployment mode of firewall’, in 2020 IEEE 9th Joint International Information Technology and Artificial Intelligence Conference (ITAIC). 2020 IEEE 9th Joint International Information Technology and Artificial Intelligence Conference (ITAIC), pp. 2286–2291. Available at: https://doi.org/10.1109/ITAIC49862.2020.9339189.
Saboori, E., Parsazad, S. and Sanatkhani, Y. (2010) ‘Automatic firewall rules generator for anomaly detection systems with Apriori algorithm’, in 2010 3rd International Conference on Advanced Computer Theory and Engineering(ICACTE). 2010 3rd International Conference on Advanced Computer Theory and Engineering(ICACTE), pp. V6-57-V6-60. Available at: https://doi.org/10.1109/ICACTE.2010.5579365.
Samawi, V.W., Yousif, S.A. and Al-Saidi, N.M.G. (2022) ‘Intrusion Detection System: An Automatic Machine Learning Algorithms Using Auto-WEKA’, in 2022 IEEE 13th Control and System Graduate Research Colloquium (ICSGRC). 2022 IEEE 13th Control and System Graduate Research Colloquium (ICSGRC), pp. 42–46. Available at: https://doi.org/10.1109/ICSGRC55096.2022.9845166.
Setiabudi, D.H. et al. (2011) ‘Data mining market basket analysis using hybrid-dimension association rules, case study in Minimarket X’, in 2011 International Conference on Uncertainty Reasoning and Knowledge Engineering. 2011 International Conference on Uncertainty Reasoning and Knowledge Engineering, pp. 196–199. Available at: https://doi.org/10.1109/URKE.2011.6007796.
Song, H.S., Kim, J.K. and Kim, S.H. (2001) ‘Mining the change of customer behavior in an internet shopping mall’, Expert Systems with Applications, 21(3), pp. 157–168. Available at: https://doi.org/10.1016/S0957-4174(01)00037-9.
Su, M.-Y. (2010) ‘Discovery and prevention of attack episodes by frequent episodes mining and finite state machines’, Journal of Network and Computer Applications, 33(2), pp. 156–167. Available at: https://doi.org/10.1016/j.jnca.2009.10.003.
Tiwari, A., Papini, S. and Hemamalini, V. (2022) ‘An enhanced optimization of parallel firewalls filtering rules for scalable high-speed networks’, Materials Today: Proceedings, 62, pp. 4800–4805. Available at: https://doi.org/10.1016/j.matpr.2022.03.346.
Uçtu, G. et al. (2021) ‘A suggested testbed to evaluate multicast network and threat prevention performance of Next Generation Firewalls’, Future Generation Computer Systems, 124, pp. 56–67. Available at: https://doi.org/10.1016/j.future.2021.05.013.
Virupakshar, K.B. et al. (2020) ‘Distributed Denial of Service (DDoS) Attacks Detection System for OpenStack-based Private Cloud’, Procedia Computer Science, 167, pp. 2297–2307. Available at: https://doi.org/10.1016/j.procs.2020.03.282.
Wang, P. et al. (2009) ‘Mining Association Rules Based on Apriori Algorithm and Application’, in 2009 International Forum on Computer Science-Technology and Applications. 2009 International Forum on Computer Science-Technology and Applications, pp. 141–143. Available at: https://doi.org/10.1109/IFCSTA.2009.41.
Winding, R., Wright, T. and Chapple, M. (2006) ‘System Anomaly Detection: Mining Firewall Logs’, in 2006 Securecomm and Workshops. 2006 Securecomm and Workshops, pp. 1–5. Available at: https://doi.org/10.1109/SECCOMW.2006.359572.
Dong, G. and Li, J. (1999) ‘Efficient mining of emerging patterns: discovering trends and differences’, in Proceedings of the 5th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, San Diego, California, USA.