Study And Implementation Of Intelligent Packet-filtering Firewall

Posted on: 2004-03-24
Degree: Master
Type: Thesis
Country: China
Candidate: Q F Wu
Full Text: PDF
GTID: 2168360095960725
Subject: Computer application technology
Abstract/Summary:
With the rapid development of network technology and the wide spread of the Internet, network security becomes more and more important. The firewall is the first barrier protecting network security. Proper use of a firewall improves a system's security and its ability to defend against attacks by hackers.

In the last few years, network attack technology has changed greatly in both scale and method, while the traditional packet-filtering firewall has many limitations against modern network attacks:

1. The traditional packet-filtering firewall filters the data flow according to rules established beforehand, rejecting illegal access and accepting legal access. It is therefore hard for it to adapt to the comprehensive and complex techniques of modern network attacks.
2. Establishing a network security strategy and configuring filtering rules require the deep and rich domain knowledge that experts hold, but in reality network security experts are very scarce. As a result, firewalls set up by ordinary network managers, who lack the experience and knowledge, are configured inefficiently and leave many security vulnerabilities; this also leads to many mistakes in the spread and application of packet-filtering firewalls.
3. When they recognize a network attack, traditional firewalls simply reject the data packets or inform the network administrator via e-mail, so they lack a mechanism for responding to the attack in real time.

The evolution of network attack technology is now challenging the traditional firewall, so firewall technology must be improved to meet the demands of the continuous development of network security.

The study in this thesis focuses on applying intelligence technology to network security administration. A new kind of packet-filtering firewall system with intelligent characteristics is presented, and it is verified by simulation in a lab environment. The thesis first describes the architecture of the intelligent packet-filtering firewall. In this architecture the firewall's function is divided into four layers: data packet capture/analysis and decoding, filtering and analysis, decision execution, and offline analysis of audit data. Next, the filtering rules of the intelligent packet-filtering firewall system are formalized, and a knowledge base built on a relational database is established. Then a model of the reasoning machine is put forward, and its algorithm is designed and implemented. After that, the necessity of introducing data mining into the offline analysis of audit data is discussed, and Apriori, one of the association rule algorithms, is applied to the analysis of experimental data. The experimental results show that introducing data mining into the offline analysis of audit data can discover unknown types of network attack, which provides valuable information for network security experts to extract the characteristics of attack models, so that the firewall's ability to defend against network attacks is enhanced. Finally, further research objectives are presented.
Keywords/Search Tags: Network Security, Firewall, Reasoning Machine, Data Mining