Firewall Policy Management Through Sliding Window Filtering Method Using Data Mining Techniques

As the number of security incidents had been sharply growing, the issue of security-defensedraws more and more attention from network community in past years. Firewall is known one of themost popular security-defense mechanism for corporations. It is the first defense-line for securityinfrastructure of corporations to against external intrusions and threats. A firewall will filter packets byfollowing its policy rules to avoid suspicious intruder executing illegal actions and damaging internalnetwork. Well-designed policy rules can increase the security-defense effect to against security risk. Inthis paper, we apply association rule mining to analyze network logs and detect anomalous behaviors,such as connections those shown frequently in short period with the same source IP and port. Fromthese anomalous behaviors, we could inference useful, up-to-dated and efficient firewall policy rules.Comparing with the method proposed in [18], we utilize incremental mining to handle the increasinglychanged traffic log data. The proposed method can highly enhance the execution performance in dataanalyzing. Experimental results show that the execution efficiency of our method is better than that oftraditional methods when dealing with large-sized log files.