iWaLL โดย 1. นายวีกิจ สัจจะมโนรมย์ 4931243221 1. นายวีกิจ สัจจะมโนรมย์ 4931243221 2. นายสิขเรศ ศุภปัญญา 4931252921 3. นายอภิชิต หาญบรรจง 4931255821 อาจารย์ที่ปรึกษาโครงการ อาจารย์ ดร.เกริก ภิรมย์โสภา Presentation date : 31 August 2009 Intelligent Firewall

Guideline -What’s a Firewall? -Problems of Firewall -Objectives and Scope -Relevant Knowledges and Researches -What’s iWall? -iWall’s Architecture and Speciality -Schedule

What’s a Firewall? -The term “Firewall” is derived from metal sheets which are designed to confine fire in a specific area. -Computer “Firewall” regulates computer traffic between different security domains.

Types of Firewall -Packet Filtering -Application Gateway -Stateful Inspection

Firewall Architecture -Single Box Architecture -Screened Host Architecture -Multi Layer Architecture

Types of Attack -Password Attacks -Denial of Service -Trojan Horse & Virus -Man in the Middle -Packet Sniffing -IP Spoofing

Problems of Firewall -Depends solely on manufacturers’ attack signature database. -Insufficient to fend off unknown attack patterns.

Objectives -Create a firewall which can prevent new attack patterns. -Create a firewall which is adaptive to working environment. -To ensure computer network security.

Scope -To create firewall rules automatically according to attack types and usages. -To keep logs for further uses in optimization by data mining. -Use layered filter to increase the efficiency of iWall in intrusion prevention issues.

Relevant Knowledges -Data Mining -Artificial Intelligence -Computer Security

Data Mining -Applied on traffic log -Frequent Event Set -Association Mining

Artificial Intelligence -Reinforcement Learning -Heuristic functions are applied as reward functions.

Computer Security -Malware analysis -Intrusion Prevention

Relevant Researches -ระบบแม่ข่ายซีเคียวเซลล์ที่สามารถปรับตัวได้ ทางด้านการป้องกันการบุกรุก [ชนินทร์ ญาณภิ รัต และ ฐิติกร เขมวิลาส, 2007] -ไฟร์วอลล์ที่ปรับตัวได้ [สุธีร์ กิจเจริญการกุล และ อรุซ ถิรวัฒน, 2008]

What is iWall? -iWall is an combination between Application Layer firewall and Network Layer firewall.

iWall’s Architecture

Firewall -Netfilter / iptables -Embedded in UNIX kernel

Rule Server -Stores and create new rules. -Receives new logs through filter server. -Analyzes logs. -Utilizes data mining and machine learning Algorithms. -Manageable via graphical user interfaces.

Filter Server -Activate and deactivate Filter Sets. -Keeps track of Filter Sets in case of a failure. -Sends log to Rule Server.

Layered Filter -Filter Set Collection -Filter Set -Filter Node

Filter Set Collection -Contains several Filter Sets which process packets concurrently.

Filter Set -Isolated from one another. -Contains several Filter Nodes.

Filter Node -Simulates actual environment. -Designed to lure an attack. -Order of execution sorted by performance and probability of malware detection.

iWall’s Speciality -Adaptability -Analyze, Learn and Protect -Layered Filters

Adaptability -Adaptive to traffic congestion -Adaptive to malware detection rate -Flexible to working environments “It is not the strongest of the species that survives, nor the most intelligent. It is the one that is the most adaptable to change.” - Charles Darwin

Analyze, Learn and Protect -Log analysis is an iterative process in order to create efficient rules.

Schedule -Problem analysis -Requirement analysis -Design -Construction -Validation and verification -Documentation and delivery

Schedule (Cont.)

Q&A THANK YOU