iWaLL by 1. Mr. วีกิจ สัจจะมโนรมย์ 4931243221 2. Mr. สิขเรศ ศุภปัญญา 4931252921 3. Mr. อภิชิต หาญบรรจง 4931255821 Project advisor: Dr. เกริก ภิรมย์โสภา Presentation date: 31 August 2009 Intelligent Firewall
Guideline -What’s a Firewall? -Problems of Firewall -Objectives and Scope -Relevant Knowledge and Research -What’s iWall? -iWall’s Architecture and Speciality -Schedule
What’s a Firewall? -The term “Firewall” is derived from metal sheets which are designed to confine fire in a specific area. -A computer “Firewall” regulates computer traffic between different security domains.
Types of Firewall -Packet Filtering -Application Gateway -Stateful Inspection
Firewall Architecture -Single Box Architecture -Screened Host Architecture -Multi Layer Architecture
Types of Attack -Password Attacks -Denial of Service -Trojan Horse & Virus -Man in the Middle -Packet Sniffing -IP Spoofing
Problems of Firewall -Depends solely on manufacturers’ attack signature database. -Insufficient to fend off unknown attack patterns.
Objectives -Create a firewall which can prevent new attack patterns. -Create a firewall which is adaptive to its working environment. -Ensure computer network security.
Scope -To create firewall rules automatically according to attack types and usage. -To keep logs for further use in optimization by data mining. -To use layered filters to increase the efficiency of iWall in intrusion prevention.
Relevant Knowledge -Data Mining -Artificial Intelligence -Computer Security
Data Mining -Applied to traffic logs -Frequent Event Set -Association Mining
Artificial Intelligence -Reinforcement Learning -Heuristic functions are applied as reward functions.
Computer Security -Malware analysis -Intrusion Prevention
Relevant Research -An adaptive Secure Shell server system for intrusion prevention [ชนินทร์ ญาณภิ รัต and ฐิติกร เขมวิลาส, 2007] -An adaptive firewall [สุธีร์ กิจเจริญการกุล and อรุซ ถิรวัฒน, 2008]
What is iWall? -iWall is a combination of an Application Layer firewall and a Network Layer firewall.
iWall’s Architecture
Firewall -Netfilter / iptables -Embedded in UNIX kernel
Rule Server -Stores and creates new rules. -Receives new logs through the Filter Server. -Analyzes logs. -Utilizes data mining and machine learning algorithms. -Manageable via graphical user interfaces.
Filter Server -Activates and deactivates Filter Sets. -Keeps track of Filter Sets in case of a failure. -Sends logs to the Rule Server.
Layered Filter -Filter Set Collection -Filter Set -Filter Node
Filter Set Collection -Contains several Filter Sets which process packets concurrently.
Filter Set -Isolated from one another. -Contains several Filter Nodes.
Filter Node -Simulates an actual environment. -Designed to lure an attack. -Order of execution is sorted by performance and probability of malware detection.
iWall’s Speciality -Adaptability -Analyze, Learn and Protect -Layered Filters
Adaptability -Adaptive to traffic congestion -Adaptive to malware detection rate -Flexible to working environments “It is not the strongest of the species that survives, nor the most intelligent. It is the one that is the most adaptable to change.” - Charles Darwin
Analyze, Learn and Protect -Log analysis is an iterative process for creating efficient rules.
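The Data Mining and Rule Server slides name frequent event sets and association mining over traffic logs but give no algorithm or log format. The sketch below is an added example, not iWall project code: the log layout, thresholds and function names are assumptions, and the sample log is constructed.

```python
import ipaddress
from collections import Counter
from itertools import combinations

# Constructed sample log (not iWall data): source IP, protocol/port, filter verdict.
SAMPLE_LOG = """\
203.0.113.7 tcp/22 attack
203.0.113.7 tcp/22 attack
203.0.113.7 tcp/22 attack
203.0.113.7 tcp/80 normal
198.51.100.9 tcp/22 normal
192.0.2.44 udp/53 attack
192.0.2.44 udp/53 attack
192.0.2.44 udp/53 normal
"""

def parse(log):
    """Validate each line and return (items, verdict) pairs."""
    events = []
    for line in log.splitlines():
        src, svc, verdict = line.split()
        proto, port = svc.split("/")
        ipaddress.ip_address(src)  # raises ValueError on a malformed address
        if proto not in ("tcp", "udp") or not 0 < int(port) < 65536:
            raise ValueError(f"bad service field: {svc}")
        events.append(((("src", src), ("svc", svc)), verdict))
    return events

def mine_rules(events, min_support=0.2, min_confidence=0.9):
    """Most general event sets X where X -> attack holds; supersets are redundant."""
    seen, attacks = Counter(), Counter()
    for items, verdict in events:
        for size in range(1, len(items) + 1):
            for subset in combinations(items, size):
                seen[subset] += 1
                attacks[subset] += verdict == "attack"
    good = [x for x, n in attacks.items()
            if n / len(events) >= min_support and n / seen[x] >= min_confidence]
    return sorted(x for x in good if not any(set(y) < set(x) for y in good))

def to_iptables(itemset):
    """Render a mined event set as a candidate iptables DROP rule for review."""
    fields, args = dict(itemset), ["iptables", "-A", "INPUT"]
    if "src" in fields:
        args += ["-s", fields["src"]]
    if "svc" in fields:
        proto, port = fields["svc"].split("/")
        args += ["-p", proto, "--dport", port]
    return " ".join(args + ["-j", "DROP"])
```

With the default thresholds only the source-and-service pair qualifies. Lowering `min_confidence` to 0.7 instead yields a rule that drops tcp/22 for every source, which is why generated rules need a confidence floor before they are activated.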
Schedule -Problem analysis -Requirement analysis -Design -Construction -Validation and verification -Documentation and delivery
Schedule (Cont.)
Q&A THANK YOU