iWaLL โดย 1. นายวีกิจ สัจจะมโนรมย์

งานนำเสนอเรื่อง: "iWaLL โดย 1. นายวีกิจ สัจจะมโนรมย์"— ใบสำเนางานนำเสนอ:

1 iWaLL โดย 1. นายวีกิจ สัจจะมโนรมย์ 4931243221
1. นายวีกิจ สัจจะมโนรมย์ 2. นายสิขเรศ ศุภปัญญา 3. นายอภิชิต หาญบรรจง อาจารย์ที่ปรึกษาโครงการ อาจารย์ ดร.เกริก ภิรมย์โสภา Presentation date : 31 August 2009 Intelligent Firewall

2 Guideline -What’s a Firewall? -Problems of Firewall
-Objectives and Scope -Relevant Knowledges and Researches -What’s iWall? -iWall’s Architecture and Speciality -Schedule

3 What’s a Firewall? -The term “Firewall” is derived from
metal sheets which are designed to confine fire in a specific area. -Computer “Firewall” regulates computer traffic between different security domains.

4 Types of Firewall -Packet Filtering -Application Gateway
-Stateful Inspection

5 Firewall Architecture
-Single Box Architecture -Screened Host Architecture -Multi Layer Architecture

6 Types of Attack -Password Attacks -Denial of Service
-Trojan Horse & Virus -Man in the Middle -Packet Sniffing -IP Spoofing

7 Problems of Firewall -Depends solely on manufacturers’ attack signature database. -Insufficient to fend off unknown attack patterns.

8 Objectives -Create a firewall which can prevent new attack patterns.
-Create a firewall which is adaptive to working environment. -To ensure computer network security.

9 Scope -To create firewall rules automatically according to attack types and usages. -To keep logs for further uses in optimization by data mining. -Use layered filter to increase the efficiency of iWall in intrusion prevention issues.

10 Relevant Knowledges -Data Mining -Artificial Intelligence
-Computer Security

11 Data Mining -Applied on traffic log -Frequent Event Set
-Association Mining

12 Artificial Intelligence
-Reinforcement Learning -Heuristic functions are applied as reward functions.

13 Computer Security -Malware analysis -Intrusion Prevention

14 Relevant Researches -ระบบแม่ข่ายซีเคียวเซลล์ที่สามารถปรับตัวได้ ทางด้านการป้องกันการบุกรุก [ชนินทร์ ญาณภิ รัต และ ฐิติกร เขมวิลาส, 2007] -ไฟร์วอลล์ที่ปรับตัวได้ [สุธีร์ กิจเจริญการกุล และ อรุซ ถิรวัฒน, 2008]

15 What is iWall? -iWall is an combination between Application Layer firewall and Network Layer firewall.

16 iWall’s Architecture

17 Firewall -Netfilter / iptables -Embedded in UNIX kernel

18

19 Rule Server -Stores and create new rules.
-Receives new logs through filter server. -Analyzes logs. -Utilizes data mining and machine learning Algorithms. -Manageable via graphical user interfaces.

20

21 Filter Server -Activate and deactivate Filter Sets.
-Keeps track of Filter Sets in case of a failure. -Sends log to Rule Server.

22

23 Layered Filter -Filter Set Collection -Filter Set -Filter Node

24 Filter Set Collection -Contains several Filter Sets which process packets concurrently.

25

26 Filter Set -Isolated from one another. -Contains several Filter Nodes.

27

28 Filter Node -Simulates actual environment.
-Designed to lure an attack. -Order of execution sorted by performance and probability of malware detection.

29 iWall’s Speciality -Adaptability -Analyze, Learn and Protect
-Layered Filters

30 Adaptability -Adaptive to traffic congestion
-Adaptive to malware detection rate -Flexible to working environments “It is not the strongest of the species that survives, nor the most intelligent. It is the one that is the most adaptable to change.” - Charles Darwin

31 Analyze, Learn and Protect
-Log analysis is an iterative process in order to create efficient rules.

32 Schedule -Problem analysis -Requirement analysis -Design -Construction
-Validation and verification -Documentation and delivery

33 Schedule (Cont.)

34 Q&A THANK YOU