Title | 運用關聯規則及改變探勘技術於防火牆政策規則優化 = Applying Association Rule and Change Mining Techniques for Firewall Policy Optimization |
---|---|
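Authors | 胡雅涵; 翁政雄; 楊亞澄; Hu, Ya-han; Weng, Cheng-hsiung; Yang, Ya-cheng |
Journal | 資訊管理學報 (Journal of Information Management) |
Publication date | 20160700 |
Volume/issue | 23:3 2016.07 [Minguo 105.07] |
Pages | pp. 277-304 |
Classification number | 312.76 |
Language | chi |
Keywords | Firewall policy; Firewall log; Data mining; Association rule; Change mining |
Chinese abstract | Firewalls are the most common network protection facility in enterprises. As the network environment changes, firewall policy rules must be updated continually to keep the firewall functioning properly. How to mine meaningful rules from firewall logs, filter out rules of different patterns in a timely manner according to changes in those logs, and then adjust the firewall policy rules accordingly is a topic worth studying. This study attempts to integrate association rule mining and change mining techniques and proposes the Change-Based Association Rule Mining (CBARM) method. First, meaningful rules are mined from firewall logs; change mining is then used to identify three different patterns of association rules: emerging patterns, added patterns, and perished patterns. Finally, the association rules of the different patterns are applied to adjust the firewall policy rules in order to improve firewall efficiency. The experimental results show that, compared with the Apriori method, the CBARM method improves performance (fewer packet comparisons) by approximately 95.19% to 582.19%. On average, performance improves by approximately 212.10%. |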
English abstract | Purpose - A firewall is the network security system most frequently used by enterprises. Because of changes in the dynamic network environment, firewall policy rules must be constantly updated to maintain efficient firewall operation. Thus, the aim of this study is to optimize firewall policy rules and improve firewall efficiency by using association rules discovered in firewall logs. Design/methodology/approach - This paper proposes change-based association rule mining (CBARM), which integrates association rule mining and change mining techniques, to discover meaningful firewall policy rules in firewall logs. Specifically, CBARM first determines pertinent association rules by using firewall logs from different time periods. Subsequently, the change mining technique is used to identify emerging, added, and perished patterns. Finally, the three types of patterns can be utilized to optimize the firewall policy rules and enhance firewall efficiency. The firewall logs were collected from a technology company in Central Taiwan. The total number of rules matched in the firewall was used as a performance measure. Findings - The experimental results revealed that the proposed CBARM outperformed the Apriori approach, reducing the number of compared network packets with firewall policy rules by approximately 95.19% to 582.19%. On average, the performance of the proposed CBARM was 212.10% more effective than that of the Apriori approach. Research limitations/implications - This study investigated the firewall logs from one company only. Evaluating the logs from other companies is critical for confirming validity. In addition, future studies can integrate other data mining and machine learning techniques to refine the performance of the proposed method. Practical implications - Two practical implications are provided. First, the association rule mining technique is proven to derive useful firewall policy rules in firewall logs. Second, using the change mining technique can facilitate evaluating the generated rules and applying such rules to optimize firewall policy rules. Originality/value - This study is the first to extend association rule mining and change mining techniques to the domain of firewall log analysis, creating a new approach to optimizing firewall policy rules. |
The abstract information in this system is based primarily on the abstract of the journal article itself.