Master's/Doctoral Thesis 110453024: Record Details
Author: 楊豐銘 (Feng-Ming Yang)
Department: Department of Information Management, Executive Master's Program (資訊管理學系在職專班)
Title: 運用資料探勘技術優化次世代防火牆規則之研究 (Optimize NGFW policy rules using data mining techniques)
Related theses:
★ 以文字探勘技術分析標籤劫持—以twitter為例 (Analyzing hashtag hijacking with text mining techniques: the case of Twitter)
Full text: available for browsing in the system after 2026-7-1.
Abstract (Chinese, translated): Since COVID-19 swept the world, it has not only changed how everyone works but has also accelerated the pace of enterprise digital transformation. Facing a large number of cloud network services and threats, enterprise network security has become ever more important. The firewall is the key device for ensuring network security: it inspects the content of network packets and decides, according to the enterprise's policy rules, whether to allow or block a network connection.
Compared with the functional limitations of traditional firewalls, the next-generation firewall (NGFW) can identify applications at layer 7 of the Open Systems Interconnection model, which greatly improves its ability to filter packet content, and it has therefore become the mainstream enterprise firewall. However, as enterprise networks grow, the number of policy rules in an NGFW increases day by day, which lowers packet filtering performance; under excessive traffic the NGFW can easily be overwhelmed. Optimizing NGFW policy rules has therefore become an important measure for improving network security.
This study applies data mining to NGFW log data. NGFW logs are collected and stored in Splunk. After reviewing domestic and foreign literature on firewall rule optimization, the association rule algorithm is chosen to analyze the logs and find frequent feature rules, for example the network services that appear most often in the logs and the destination addresses that are blocked most often. In addition, change mining is used to adjust these rules: the association rules generated from one day of continuous traffic and from one week of traffic are used, respectively, to consolidate the current firewall rules. Finally, the change in NGFW performance is examined to confirm that firewall performance improves.
Compared with previous research, this thesis analyzes NGFW log data rather than the traditional firewall logs used in earlier work. The results show that adding the application attribute to the analysis helps discover the key firewall rules; the method is more efficient for firewall rule management and makes it easier to update and optimize NGFW policy rules in the enterprise.
Abstract (English): Since COVID-19 swept the world, it has not only changed the way everyone works but has also accelerated the pace of enterprise digital transformation. Facing a large number of network services and threats, enterprise network security has become more and more important. The firewall is a key device for ensuring network security: it inspects the content of network packets and decides whether to allow or block network connections according to corporate policy rules. Compared with the functional limitations of traditional firewalls, the next-generation firewall (NGFW) can recognize Open Systems Interconnection model layer 7 applications, greatly improving packet content filtering, and has thus become the mainstream of today's enterprise firewalls. However, as the enterprise grows, the number of policy rules in the NGFW increases rapidly, which reduces packet filtering performance and means that the NGFW is easily overwhelmed by a large volume of traffic.
This study uses NGFW log data for data mining. First, NGFW log data are collected and stored in Splunk. After reviewing domestic and foreign literature on firewall rule optimization, association rules are used to analyze the log data and find frequent feature rules, such as the network services used most often and the destination addresses blocked most often. In addition, change mining is used to adjust these rules: the association rules generated from one day of continuous traffic and from multiple weeks of traffic are used, respectively, to consolidate the current firewall policy rules, and the resulting change in NGFW performance is examined to confirm that the approach improves firewall performance.
Compared with previous scholars' research, this thesis analyzes NGFW log records. Compared with earlier work, the results can reveal abnormal policy rules, applications, and attack sources. The approach demonstrates superior efficiency in policy rule management, making it easier to update and optimize firewall policy rules in the enterprise.
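The pipeline the abstract describes (log events as transactions, Apriori to find frequent itemsets and association rules, change mining between a daily and a weekly window, and ranking the hot patterns for the rule base) as an added example. This is not the thesis's code: the log lines are constructed, the field names (ts, src, dst, app, service, action) are an assumption modelled on common NGFW traffic-log fields, the Splunk collection step is not reproduced, and the final mapping of itemsets to ordered rule candidates is an assumed reading of the integration step, which the abstract does not spell out.

```python
# Added example (not the thesis's code): Apriori, association rules and change mining
# over NGFW log events. Log lines are constructed; field names are an assumption.
from collections import Counter
from itertools import combinations

# Period A: one day of traffic (constructed sample).
LOG_DAY = """\
ts=2023-03-01T09:00 src=10.1.1.5 dst=203.0.113.10 app=ssl service=tcp/443 action=allow
ts=2023-03-01T09:01 src=10.1.1.6 dst=203.0.113.10 app=ssl service=tcp/443 action=allow
ts=2023-03-01T09:02 src=10.1.1.7 dst=203.0.113.10 app=ssl service=tcp/443 action=allow
ts=2023-03-01T09:03 src=10.1.1.5 dst=198.51.100.7 app=smb service=tcp/445 action=deny
ts=2023-03-01T09:04 src=10.1.1.9 dst=198.51.100.7 app=smb service=tcp/445 action=deny
ts=2023-03-01T09:05 src=10.1.1.8 dst=203.0.113.20 app=dns service=udp/53 action=allow
ts=2023-03-01T09:06 src=10.1.1.5 dst=203.0.113.20 app=dns service=udp/53 action=allow
ts=2023-03-01T09:07 src=10.1.1.6 dst=198.51.100.7 app=smb service=tcp/445 action=deny
""".splitlines()

# Period B: one week of traffic (constructed); blocked RDP to a new host shows up.
LOG_WEEK = """\
ts=2023-03-06T10:00 src=10.1.1.5 dst=203.0.113.10 app=ssl service=tcp/443 action=allow
ts=2023-03-06T10:01 src=10.1.1.6 dst=192.0.2.99 app=rdp service=tcp/3389 action=deny
ts=2023-03-07T10:02 src=10.1.1.7 dst=192.0.2.99 app=rdp service=tcp/3389 action=deny
ts=2023-03-07T10:03 src=10.1.1.5 dst=198.51.100.7 app=smb service=tcp/445 action=deny
ts=2023-03-08T10:04 src=10.1.1.9 dst=192.0.2.99 app=rdp service=tcp/3389 action=deny
ts=2023-03-08T10:05 src=10.1.1.8 dst=203.0.113.20 app=dns service=udp/53 action=allow
ts=2023-03-09T10:06 src=10.1.1.5 dst=203.0.113.20 app=dns service=udp/53 action=allow
ts=2023-03-09T10:07 src=10.1.1.6 dst=198.51.100.7 app=smb service=tcp/445 action=deny
""".splitlines()


def parse(lines):
    """One log line -> one transaction: the set of attr=value items.
    The timestamp is dropped; it is unique per line and can never be frequent."""
    txs = []
    for line in lines:
        fields = dict(kv.split("=", 1) for kv in line.split())
        fields.pop("ts", None)
        txs.append(frozenset(f"{k}={v}" for k, v in fields.items()))
    return txs


def apriori(txs, min_support):
    """Level-wise frequent itemset mining. Returns {itemset: support} where
    support is the fraction of transactions containing the itemset."""
    n = len(txs)
    counts = Counter(item for t in txs for item in t)
    level = {frozenset([i]): c / n for i, c in counts.items() if c / n >= min_support}
    frequent = dict(level)
    k = 2
    while level:
        # Join: merge two frequent (k-1)-itemsets that differ in exactly one item.
        cands = {a | b for a in level for b in level if len(a | b) == k}
        # Prune: every (k-1)-subset of a candidate must itself be frequent.
        cands = {c for c in cands if all(frozenset(s) in level for s in combinations(c, k - 1))}
        hits = Counter(c for t in txs for c in cands if c <= t)
        level = {c: hits[c] / n for c in cands if hits[c] / n >= min_support}
        frequent.update(level)
        k += 1
    return frequent


def association_rules(frequent, min_confidence):
    """X -> Y for every split of a frequent itemset; confidence = sup(X u Y) / sup(X).
    Every subset of a frequent itemset is frequent, so frequent[ante] always exists."""
    rules = []
    for itemset, sup in frequent.items():
        for r in range(1, len(itemset)):
            for ante in combinations(itemset, r):
                ante = frozenset(ante)
                conf = sup / frequent[ante]
                if conf >= min_confidence:
                    rules.append((ante, itemset - ante, sup, conf))
    return sorted(rules, key=lambda x: (-x[2], -x[3]))


def support_of(txs, itemset):
    return sum(1 for t in txs if itemset <= t) / len(txs)


def change_mining(txs_a, txs_b, min_support, min_delta):
    """Compare two windows (e.g. one day vs. one week). Any itemset frequent in either
    window is reported when its support moved by at least min_delta: a positive delta is
    an emerging pattern (new traffic the policy may need a dedicated rule for), a negative
    one a vanishing pattern (a rule that is a candidate for demotion or review)."""
    fa, fb = apriori(txs_a, min_support), apriori(txs_b, min_support)
    changes = []
    for iset in set(fa) | set(fb):
        sa, sb = support_of(txs_a, iset), support_of(txs_b, iset)
        if abs(sb - sa) >= min_delta:
            changes.append((iset, sa, sb, sb - sa))
    return sorted(changes, key=lambda c: -abs(c[3]))


def candidate_policy_rules(frequent):
    """Assumed integration step: turn each maximal frequent itemset that carries an
    action into a rule candidate, most frequent first. Most NGFWs evaluate the rule
    base top-down with first match, so placing the hottest traffic patterns near the
    top means the bulk of packets match after fewer comparisons."""
    maximal = [s for s in frequent if not any(s < t for t in frequent)]
    out = []
    for s in sorted(maximal, key=lambda s: -frequent[s]):
        fields = dict(item.split("=", 1) for item in s)
        if "action" in fields:
            out.append({**fields, "support": frequent[s]})
    return out


if __name__ == "__main__":
    day, week = parse(LOG_DAY), parse(LOG_WEEK)
    for ante, cons, sup, conf in association_rules(apriori(day, 0.3), 0.9)[:5]:
        print(f"{sorted(ante)} -> {sorted(cons)}  support={sup:.3f} conf={conf:.2f}")
    for iset, sa, sb, delta in change_mining(day, week, 0.3, 0.3):
        print(f"change {delta:+.3f}: {sorted(iset)} ({sa:.3f} -> {sb:.3f})")
    for rule in candidate_policy_rules(apriori(day, 0.3)):
        print("candidate rule:", rule)
```

With min_support 0.3 (an itemset must appear in at least 30% of the window's events) the day window yields two maximal patterns, the allowed SSL traffic to 203.0.113.10 and the denied SMB traffic to 198.51.100.7, and change mining against the week window flags the blocked RDP traffic to 192.0.2.99 as an emerging pattern while the SMB pattern, whose support only drops from 0.375 to 0.25, stays below the 0.3 change threshold. On real Splunk exports the thresholds need tuning per window size: a support that is meaningful over one day of a few thousand events is not the same number over a week of millions.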
Keywords:
★ next-generation firewall (次世代防火牆)
★ data mining (資料探勘)
★ association rules (關聯規則)
★ policy management (規則管理)
★ change mining (改變探勘)
Table of Contents
Chapter 1 Introduction
1.1 Research background
1.2 Research motivation
1.3 Research objectives
1.4 Thesis structure
Chapter 2 Literature review
2.1 Firewall systems
2.1.1 Firewall policy rules
2.1.2 Firewall logging
2.1.3 Research on improving firewall performance
2.2 Applications of data mining techniques to firewalls
Chapter 3 Research method
3.1 Research process
3.2 Data sources and variables
3.3 Data preprocessing
3.4 Data mining and analysis techniques
3.4.1 Association rules
3.4.2 Change mining
3.5 Integrating association rules with firewall policy rules
3.5.1 Integration of association rules
3.5.2 Rule evaluation
3.5.3 Anomalous rule detection
Chapter 4 Experimental results
4.1 Log analysis
4.2 Association rule analysis
4.2.1 Analysis with the Apriori association rule algorithm
4.2.2 Change mining analysis
Chapter 5 Conclusions and recommendations
5.1 Conclusions
5.2 Research limitations
5.3 Future research directions and recommendations
Advisors: 胡雅涵, 周恩頤    Approval date: 2023-6-27