NCU Institutional Repository - downloads of theses and dissertations, past exam papers, journal articles, research projects and more: Item 987654321/93114


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/93114


    Title: A Study on Optimizing Next-Generation Firewall Rules Using Data Mining Techniques; Optimize NGFW policy rules using data mining techniques
    Authors: 楊豐銘;Yang, Feng-Ming
    Contributors: Department of Information Management, Executive Master Program
    Keywords: next generation firewall; data mining; association rules; policy management; change mining
    Date: 2023-06-27
    Issue Date: 2024-09-19 16:42:48 (UTC+8)
    Publisher: National Central University
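    Abstract: Since the COVID-19 pandemic swept the world, it has not only changed the way everyone works but also accelerated the pace of enterprise digital transformation. Faced with a large volume of cloud network services and threats, enterprise network security is becoming ever more important. The firewall is a key device for ensuring network security: it inspects the contents of network data packets and, according to the enterprise's policy rules, decides whether to allow or block a network connection.
    Compared with the functional limitations of traditional firewalls, the next-generation firewall (NGFW) can identify applications at layer 7 of the Open Systems Interconnection model, which greatly improves its ability to filter the content of network packets, and it has therefore become the mainstream enterprise firewall today. However, as enterprise networks grow, the number of policy rules in the NGFW increases day by day, which reduces packet-filtering performance; under excessive network traffic the NGFW can easily be paralyzed, which makes optimizing NGFW policy rules an important measure for improving network security.
    This study performs data mining on NGFW log data. NGFW log data are collected and stored in Splunk; after reviewing domestic and international literature on firewall rule optimization, an association rule algorithm was chosen to analyze the log data and find frequent feature rules, for example the network services used frequently in the logs and the destination addresses that are blocked. In addition, these rules are adjusted through change mining: association rules generated from daily continuous traffic and from weekly traffic are each used to consolidate the current firewall rules. Finally, the change in NGFW performance is examined to confirm that firewall performance can be improved.
    Compared with earlier research, this thesis analyzes NGFW log data. Compared with earlier analyses that used traditional firewall log data, the results show that adding the application attribute to the analysis helps to discover key firewall rules; the method used shows better efficiency in firewall rule management and makes it easier to update and optimize NGFW policy rules in the enterprise.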
    English abstract: Since COVID-19 swept the world, it has not only changed the way everyone works but also accelerated the pace of enterprises' digital transformation. In the face of a large number of network services and threats, enterprise network security has become more and more important. The firewall is a key device for ensuring network security: it checks the content of network data packets and decides whether to allow or block network connections according to corporate policy rules. Compared with the limitations of traditional firewall functions, the next-generation firewall (NGFW) can recognize Open Systems Interconnection model layer 7 applications, greatly improving its ability to filter the content of network packets, and has thus become the mainstream of today's enterprise firewalls. However, as the scale of the enterprise expands, the number of policy rules in the NGFW increases rapidly, which reduces the filtering performance for network packets and leaves the NGFW easily paralyzed by a large amount of traffic.
    This study uses NGFW log data for data mining. First, NGFW log data are collected and stored in Splunk. After reviewing domestic and foreign literature on firewall rule optimization, association rules are used to analyze the log data to find frequent feature rules, such as frequently used network services in the logs, blocked destination addresses, etc. In addition, these rules are adjusted through change mining, and the association rules generated from one-day continuous traffic and from multi-week traffic are each used to integrate the current firewall policy rules. Finally, the changes in NGFW performance are discussed to confirm that the approach can improve the performance of the firewall.
    Compared with previous scholars' research, this paper uses NGFW log records for analysis. Compared with previous research, the results can find abnormal policy rules, applications, and attack sources. The approach used demonstrates superior efficiency in terms of policy rule management, making it easier to update and optimize firewall policy rules in the enterprise.
    Appears in Collections:[Executive Master of Information Management] Electronic Thesis & Dissertation
