| Today,with the highly developed information technology,Internet services have become the main carrier of people's lives,providing people with a free,convenient and fast lifestyle.However,various attacks technologies against Internet are also emerging.The traditional firewall mainly chooses and sets up a blacklist from the rule base,in which the attack mode has been known.By detecting the data entering and leaving the server,the known attack mode is effectively found,and the error rate can be controlled to a very low range;but the method cannot find the unknown or potential attack methods,and there is a very high rate of missing report.Therefore,the ability to improve firewall inspection and defense against potential cyberattack threats through machine learning is of great practical significance.In order to solve the above problems,in this paper we design and implement a firewall system that can not only defend against general attacks,but also has outstanding performance in detecting potential or unknown attacks,and has real-time response capability to protect server security.The main research contents of the thesis are as follows:By comparing the existing machine learning algorithm model,we selected the decision tree as the model,because it has more advantages working in the firewall.The significant advantage of this algorithm model is that it is suitable for big data processing,and has high detection accuracy.Its model is also clear and easy to understand,and it is suitable for discrete data types with obvious features.These advantages are very helpful to improve the efficiency and accuracy of the firewall.In this paper,we designed and implemented the overall architecture and modules of the firewall.And focusing on the implementation of ID3 decision tree model in the firewall.The original decision tree detection model is trained by the training data set during the initial operation of the system,and then the original detection model is used for attack detection in the attack detection module;the detected data packets are randomly taken out and stored in the feedback data set until the packet number meets what we need.then the model enters into the learning process,feedback learning,correction and optimization of the detection model.This paper also introduces the related technologies of data collection,data processing,machine learning,log recording,attack detection,network monitoring and policy enforcement of the firewall.Test results show that the firewall has achieved the expected results in defending against cyber attacks. |
PDF Full Text Request