C-SWF Incremental Mining Algorithm for Firewall Policy Management
Source: National Taiwan University
As the number of security incidents has grown sharply, security defense has drawn more and more attention from the network community over the past years. The firewall is one of the most popular security-defense mechanisms for corporations. It is the first line of defense in a corporation's security infrastructure against external intrusions and threats. A firewall filters packets according to its policy rules to prevent suspicious intruders from executing illegal actions and damaging the internal network. Well-designed policy rules increase the effectiveness of this defense against security risks. This paper applies association rule mining to analyze network logs and detect anomalous behaviors, such as connections that appear frequently within a short period with the same source IP and port.
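The anomaly named in the last sentence, the same source IP and port recurring within a short period, can be illustrated with a sliding-window support count over log records. This is an added example, not the paper's C-SWF algorithm or code. The log format, the sample records, the function names and the `window` and `min_count` thresholds are all assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample records: epoch seconds, src IP, src port, dst IP, dst port.
# Addresses come from documentation ranges; none of this is data from the paper.
SAMPLE_LOG = """\
1000 198.51.100.7 4444 192.0.2.10 22
1002 198.51.100.7 4444 192.0.2.11 22
1003 203.0.113.5 51512 192.0.2.10 443
1004 198.51.100.7 4444 192.0.2.12 22
1005 198.51.100.7 4444 192.0.2.13 22
1050 203.0.113.5 51877 192.0.2.10 443
1200 198.51.100.7 4444 192.0.2.14 22
1400 203.0.113.9 40000 192.0.2.10 80
1900 203.0.113.9 40000 192.0.2.10 80
"""


def parse(text):
    """Yield (ts, src_ip, src_port) per record, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            yield int(parts[0]), parts[1], int(parts[2])
        except ValueError:
            continue


def frequent_sources(records, window=10, min_count=4):
    """Map (src_ip, src_port) to its peak count inside any `window`-second
    span, keeping only pairs whose peak reaches `min_count`."""
    recent = defaultdict(deque)   # per-pair timestamps still inside the window
    peak = {}
    for ts, ip, port in sorted(records):
        q = recent[(ip, port)]
        q.append(ts)
        while ts - q[0] > window:  # drop hits that fell out of the window
            q.popleft()
        if len(q) >= min_count:
            peak[(ip, port)] = max(peak.get((ip, port), 0), len(q))
    return peak


if __name__ == "__main__":
    for (ip, port), n in frequent_sources(parse(SAMPLE_LOG)).items():
        print(f"{ip}:{port} seen {n} times within 10s")
```

A pair that recurs only at long intervals, such as the constructed `203.0.113.9:40000` records, is not reported until the window is widened.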