Indian Journal of Science and Technology

Open Access Open Access  Restricted Access Subscription Access

Automatic Firewall Rule Generator for Network Intrusion Detection System based on Multiple Minimum Support


Affiliations
1 SITE, VIT University, Vellore - 632014, Tamil Nadu, India
2 RMK Engineering College, Gummidipoondi Taluk, Kavaraipettai, Tiruvallur - 601206, Tamil Nadu, India
 

Background: Association rule mining plays a vital role in predicting the attacks and generating the firewall rules automatically. Data mining techniques discover the knowledge by counting the frequently occurring items, whereas most of the real-world datasets are non-uniform containing both frequently and relatively rarely occurring items. This paper discusses about how to generate the automatic firewall rules to detect anomalies using multiple minimum support. Methods: Mining association rules based on single minimum support approach suffers from the dilemma known as ‘rare item problem’ it requires multiple scans of database which increase the load and time consuming. To avoid this problem Multiple Minimum Support with Probability based approach (MMSP) is used to generate rules. Findings: To create a model of current user behavior from the dataset the probability will be compute with threshold value and the alarm will be raised accordingly. By using MMSP, the number of false alarm are reduced during intrusion detection and automatic firewall rules will be generated.

Keywords

Apriori, Firewall, Intrusion Detection, Minimum Support, Probability Approach, Rare Association Mining.
User

Abstract Views: 161

PDF Views: 0




  • Automatic Firewall Rule Generator for Network Intrusion Detection System based on Multiple Minimum Support

Abstract Views: 161  |  PDF Views: 0

Authors

S. Nithya
SITE, VIT University, Vellore - 632014, Tamil Nadu, India
C. Jayakumar
RMK Engineering College, Gummidipoondi Taluk, Kavaraipettai, Tiruvallur - 601206, Tamil Nadu, India

Abstract


Background: Association rule mining plays a vital role in predicting the attacks and generating the firewall rules automatically. Data mining techniques discover the knowledge by counting the frequently occurring items, whereas most of the real-world datasets are non-uniform containing both frequently and relatively rarely occurring items. This paper discusses about how to generate the automatic firewall rules to detect anomalies using multiple minimum support. Methods: Mining association rules based on single minimum support approach suffers from the dilemma known as ‘rare item problem’ it requires multiple scans of database which increase the load and time consuming. To avoid this problem Multiple Minimum Support with Probability based approach (MMSP) is used to generate rules. Findings: To create a model of current user behavior from the dataset the probability will be compute with threshold value and the alarm will be raised accordingly. By using MMSP, the number of false alarm are reduced during intrusion detection and automatic firewall rules will be generated.

Keywords


Apriori, Firewall, Intrusion Detection, Minimum Support, Probability Approach, Rare Association Mining.



DOI: https://doi.org/10.17485/ijst%2F2016%2Fv9i41%2F124829