Mining Frequent Patterns in Firewall Logs Using Apriori Algorithm with WEKA

  • Hajar Esmaeil As-Suhbani
  • S. D. Khamitkar
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 1037)

Abstract

With the enormous growth of security incidents in computer networks, network security defense has gained significant attention from the information industry and the networking community. Firewalls are the first line of defense for protecting computer networks and the information they carry. They sit at the boundaries between network segments and filter the traffic that crosses from one segment to another, and they are considered the most important element organizations use to enforce their security policy. The security policies of enterprises and companies are implemented as firewall rules. These rules are sensitive: any misconfiguration of them causes anomalies. Mining frequent patterns among the itemsets of a dataset is considered one of the most important aspects of data mining technology. The Apriori algorithm is the simplest and most widely used association rule mining (ARM) algorithm, and it can be used efficiently to mine frequent itemsets from a dataset. In this study, we apply the Apriori algorithm in WEKA to extract frequent itemsets from firewall logs and to determine the best association rules, which reveal the general orientations in the dataset.
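As an added example (not code from the paper, and not WEKA's own implementation), the following plain-Python Apriori runs over a handful of constructed firewall log records and derives association rules ranked by confidence, which is the same support/confidence view WEKA's Apriori gives. The field names `action`, `proto`, `dport` and `src` and every value in `SAMPLE_LOGS` are assumptions chosen for illustration. The preprocessing it shows is the step that decides whether the mining is useful at all: each record is reduced to a few nominal fields, because Apriori treats every distinct value as an item, so raw timestamps and exact source addresses never reach minimum support and only inflate the candidate space (WEKA's Apriori likewise expects nominal attributes).

```python
from itertools import combinations

# Constructed sample firewall log records (not real data): one record per
# accepted/dropped connection, already reduced to a few categorical fields.
# Timestamps and exact source IPs are deliberately left out: each distinct
# value would become its own item with near-zero support.
SAMPLE_LOGS = [
    {"action": "DROP",   "proto": "tcp", "dport": "23",  "src": "ext"},
    {"action": "DROP",   "proto": "tcp", "dport": "23",  "src": "ext"},
    {"action": "DROP",   "proto": "tcp", "dport": "445", "src": "ext"},
    {"action": "DROP",   "proto": "tcp", "dport": "23",  "src": "ext"},
    {"action": "ACCEPT", "proto": "tcp", "dport": "443", "src": "int"},
    {"action": "ACCEPT", "proto": "tcp", "dport": "443", "src": "int"},
    {"action": "ACCEPT", "proto": "udp", "dport": "53",  "src": "int"},
    {"action": "ACCEPT", "proto": "tcp", "dport": "443", "src": "ext"},
    {"action": "DROP",   "proto": "udp", "dport": "161", "src": "ext"},
    {"action": "ACCEPT", "proto": "udp", "dport": "53",  "src": "int"},
]


def to_transactions(records):
    """Turn each log record into a transaction: a frozenset of 'field=value' items."""
    return [frozenset(f"{k}={v}" for k, v in r.items()) for r in records]


def apriori(transactions, min_support):
    """Return {itemset: support} for every itemset whose support >= min_support.

    Support is the fraction of transactions that contain the itemset. Candidates
    of size k are built only from frequent (k-1)-itemsets (downward closure).
    """
    n = len(transactions)

    def support_of(candidates):
        counts = {c: 0 for c in candidates}
        for t in transactions:
            for c in candidates:
                if c <= t:
                    counts[c] += 1
        return {c: k / n for c, k in counts.items() if k / n >= min_support}

    singles = {frozenset([item]) for t in transactions for item in t}
    frequent = support_of(singles)
    level, k = frequent, 2
    while level:
        # Join step: union two frequent (k-1)-itemsets into a k-itemset, then
        # prune unless every (k-1)-subset of the union is itself frequent.
        candidates = set()
        for a, b in combinations(list(level), 2):
            u = a | b
            if len(u) == k and all(frozenset(s) in level for s in combinations(u, k - 1)):
                candidates.add(u)
        level = support_of(candidates)
        frequent.update(level)
        k += 1
    return frequent


def rules(frequent, min_confidence):
    """Derive rules X -> Y from each frequent itemset X|Y, keeping those with
    confidence = support(X|Y) / support(X) >= min_confidence, best first."""
    out = []
    for itemset, sup in frequent.items():
        if len(itemset) < 2:
            continue
        for r in range(1, len(itemset)):
            for ante in combinations(itemset, r):
                ante = frozenset(ante)
                conf = sup / frequent[ante]  # ante is frequent by downward closure
                if conf >= min_confidence:
                    out.append((ante, itemset - ante, sup, conf))
    out.sort(key=lambda x: (-x[3], -x[2], len(x[0])))
    return out


if __name__ == "__main__":
    freq = apriori(to_transactions(SAMPLE_LOGS), min_support=0.3)
    for ante, cons, sup, conf in rules(freq, min_confidence=0.9):
        print(f"{sorted(ante)} -> {sorted(cons)}  sup={sup:.2f} conf={conf:.2f}")
```

On the constructed records with minimum support 0.3 the miner finds 24 frequent itemsets, and among the confidence-1.0 rules is `dport=23 -> action=DROP, proto=tcp, src=ext`: every telnet attempt in the sample comes from outside and is dropped, which is the kind of general orientation the abstract refers to. The reverse rule `action=DROP -> dport=23` only reaches confidence 0.6, which is the distinction a practitioner checks before reading a rule as a statement about the policy rather than about the traffic mix.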

Keywords

Firewall logs; Firewall rules; Data mining; Association rule; WEKA; Apriori

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  1. Department of Computational Sciences and Technology, S.R.T.M University, Nanded, India