Title | C-SWF Incremental Mining Algorithm for Firewall Policy Management |
---|---|
Author | Chang, Ray-i; Chang, Keng-wei |
Journal | 資訊、科技與社會學報 |
Publication date | 20091200 |
Volume/Issue | 16 2009.12 [ROC 98.12] |
Pages | pp. 45-61 |
Classification number | 312.76 |
Language | eng |
Keywords | Computer security; Firewall; Policy management; Data mining; Association rule |
English abstract | As the number of security incidents has been growing sharply, the issue of security defense has drawn more and more attention from the network community in past years. The firewall is known as one of the most popular security-defense mechanisms for corporations. It is the first line of defense in a corporation's security infrastructure against external intrusions and threats. A firewall filters packets by following its policy rules to prevent suspicious intruders from executing illegal actions and damaging the internal network. Well-designed policy rules can increase the security-defense effect against security risk. In this paper, we apply association rule mining to analyze network logs and detect anomalous behaviors, such as connections that appear frequently in a short period with the same source IP and port. From these anomalous behaviors, we can infer useful, up-to-date and efficient firewall policy rules. Compared with the method proposed in [18], we utilize incremental mining to handle the increasingly changing traffic log data. The proposed method can greatly enhance the execution performance of data analysis. Experimental results show that the execution efficiency of our method is better than that of traditional methods when dealing with large log files. |
The abstract information in this system is based primarily on the abstract of the journal article itself.