Data Mining-Driven Framework for Effective Firewall Log Management

Document Type: Original full paper (regular paper)

Authors

1. Fayoum University

2. Faculty of Computer and Information Sciences, Ain Shams University

3. Professor, Computer Science Department, Fayoum University

4. Associate Professor, Information Systems Department, Fayoum University

Abstract

Firewall devices face challenges, particularly performance issues that arise as security threats evolve. This paper presents a framework that applies data mining techniques, specifically the Apriori and FP-growth algorithms, to analyze large volumes of firewall logs. The proposed system extracts Juniper firewall logs from a Security Information and Event Management (SIEM) platform and applies data mining algorithms to identify and address performance issues. The process involves discovering patterns, grouping item sets, and identifying related events within a telecom network's firewall logs. The study yields recommendations for managing firewall events, both individually and in the context of critical events, enabling network security administrators to detect and review firewall performance problems automatically. The FP-growth algorithm identifies frequent itemsets, highlighting closely related events that occur together. The proposed data mining-driven framework demonstrates strong predictive power (R = 0.948, R Square = 0.898) and significant explanatory capability, evidenced by a high F-statistic (509.589, p < 0.0001) and impactful coefficients, particularly for the "actual frequency" variable. This framework improves the efficiency of firewall log management and provides valuable insights for network security administrators.
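To make the abstract's core step concrete, the following is an added example (not the paper's code, and not taken from any Juniper or SIEM product) of frequent-itemset mining over firewall events. It groups event tags into one transaction per device and minute, runs a plain Apriori pass (the paper uses Apriori and FP-growth; both produce the same frequent itemsets, and Apriori is the shorter one to show), and derives "event A tends to occur with event B" rules of the kind an administrator could review. The log format, event names, the per-minute window and the thresholds are all constructed assumptions for this example.

```python
"""Added example: Apriori-style frequent-itemset mining over firewall events.

Not the paper's code. The log format, event tags, windowing rule and
thresholds are constructed assumptions so the example runs offline.
"""
import re
from collections import Counter, defaultdict
from itertools import combinations

# Constructed, Juniper-like event lines: "<timestamp> <device> <event-tag>".
# Hypothetical samples only; not data from the paper or from a real SIEM.
SAMPLE_LOGS = """\
2024-01-01T10:00:05 fw1 RT_FLOW_SESSION_DENY
2024-01-01T10:00:12 fw1 SESSION_TABLE_FULL
2024-01-01T10:00:30 fw1 CPU_HIGH
2024-01-01T10:01:02 fw1 RT_FLOW_SESSION_DENY
2024-01-01T10:01:15 fw1 SESSION_TABLE_FULL
2024-01-01T10:01:40 fw1 CPU_HIGH
2024-01-01T10:02:10 fw1 RT_FLOW_SESSION_DENY
2024-01-01T10:02:22 fw1 SESSION_TABLE_FULL
2024-01-01T10:03:01 fw1 RT_FLOW_SESSION_DENY
2024-01-01T10:03:50 fw1 CPU_HIGH
2024-01-01T10:04:05 fw1 CONFIG_CHANGE
"""

# Captures the timestamp up to the minute, the device name and the event tag.
LINE_RE = re.compile(
    r"^(?P<minute>\S+T\d{2}:\d{2}):\d{2}\s+(?P<dev>\S+)\s+(?P<event>\S+)$"
)


def build_transactions(raw_logs):
    """One transaction per (device, minute): the set of distinct event tags seen.

    This is the "basket" shape that Apriori and FP-growth both consume.
    Malformed lines are skipped rather than aborting the whole batch.
    """
    windows = defaultdict(set)
    for line in raw_logs.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        windows[(m["dev"], m["minute"])].add(m["event"])
    return [frozenset(events) for _, events in sorted(windows.items())]


def apriori(transactions, min_count):
    """Return {itemset: count} for every itemset seen in >= min_count windows.

    Level-wise search: candidates of size k are built from frequent sets of
    size k-1, and any candidate with an infrequent subset is pruned
    (downward closure), which is what keeps Apriori tractable on large logs.
    """
    counts = Counter(frozenset([item]) for t in transactions for item in t)
    frequent = {s: c for s, c in counts.items() if c >= min_count}
    result = dict(frequent)
    k = 2
    while frequent:
        candidates = set()
        for a, b in combinations(frequent, 2):
            u = a | b
            if len(u) == k and all(
                frozenset(sub) in frequent for sub in combinations(u, k - 1)
            ):
                candidates.add(u)
        counts = Counter(c for t in transactions for c in candidates if c <= t)
        frequent = {s: c for s, c in counts.items() if c >= min_count}
        result.update(frequent)
        k += 1
    return result


def association_rules(itemsets, min_confidence):
    """Derive (antecedent, consequent, confidence) from frequent itemsets.

    confidence = count(whole set) / count(antecedent); every antecedent is
    itself frequent by downward closure, so the lookup always succeeds.
    """
    rules = []
    for s, count in itemsets.items():
        if len(s) < 2:
            continue
        for r in range(1, len(s)):
            for ante in combinations(s, r):
                ante = frozenset(ante)
                conf = count / itemsets[ante]
                if conf >= min_confidence:
                    rules.append((ante, s - ante, conf))
    return rules


def mine_firewall_events(raw_logs, min_count=2, min_confidence=0.75):
    """End-to-end: raw lines -> windows -> frequent itemsets -> review rules."""
    itemsets = apriori(build_transactions(raw_logs), min_count)
    return itemsets, association_rules(itemsets, min_confidence)


if __name__ == "__main__":
    sets, rules = mine_firewall_events(SAMPLE_LOGS)
    for s, c in sorted(sets.items(), key=lambda kv: (-len(kv[0]), -kv[1])):
        print(f"{c:>2}  {sorted(s)}")
    for ante, cons, conf in sorted(rules, key=lambda r: -r[2]):
        print(f"{sorted(ante)} -> {sorted(cons)}  confidence={conf:.2f}")
```

With the constructed input, `SESSION_TABLE_FULL` and `CPU_HIGH` each imply `RT_FLOW_SESSION_DENY` in the same minute with confidence 1.0, while `CONFIG_CHANGE` never reaches the support threshold; on real logs the window size and `min_count` are the knobs an administrator would tune, and a low-support event is not necessarily unimportant, only not part of a recurring pattern.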

Keywords