Data Mining-Driven Framework for Effective Firewall Log Management
Gouda, A., Emara, K., khafagy, M., Badry, R. (2024). Data Mining-Driven Framework for Effective Firewall Log Management. EKB Journal Management System, 2(2), 1-8. doi: 10.21608/ifjsis.2024.259436.1051
Ahmed Mohamed Gouda; Karim Emara; Mohamed H khafagy; Rasha M Badry. "Data Mining-Driven Framework for Effective Firewall Log Management". EKB Journal Management System, 2, 2, 2024, 1-8. doi: 10.21608/ifjsis.2024.259436.1051
Gouda, A., Emara, K., khafagy, M., Badry, R. (2024). 'Data Mining-Driven Framework for Effective Firewall Log Management', EKB Journal Management System, 2(2), pp. 1-8. doi: 10.21608/ifjsis.2024.259436.1051
Gouda, A., Emara, K., khafagy, M., Badry, R. Data Mining-Driven Framework for Effective Firewall Log Management. EKB Journal Management System, 2024; 2(2): 1-8. doi: 10.21608/ifjsis.2024.259436.1051

Data Mining-Driven Framework for Effective Firewall Log Management

Labyrinth: Fayoum Journal of Science and Interdisciplinary Studies
Volume 2, Issue 2, December 2024, Page 1-8  XML PDF (972.75 K)
Document Type: Original full papers (regular papers)
DOI: 10.21608/ifjsis.2024.259436.1051
View on SCiNiTO View on SCiNiTO
Authors
Ahmed Mohamed Gouda1; Karim Emara2; Mohamed H khafagy email orcid 3; Rasha M Badry4
1Fayoum university
2Faculty of Computer and Information Sciences, Ain Shams University.
3Professor, computer science department, Fayoum university
4Associate professor, information systems department, Fayoum university
Abstract
firewall devices faces challenges, particularly in addressing performance issues due to evolving security threats. This paper presents a framework utilizing data mining techniques, specifically the Apriori and FPgrowth algorithms, to analyze extensive firewall logs. The proposed system extracts Juniper firewall logs from Security Information and Event Management (SIEM), deploying data mining algorithms to identify and address performance issues. The process involves discovering patterns, grouping item sets, and identifying related events within the telecom network's firewall logs. The study yields recommendations for managing firewall events, both individually and in critical event contexts, enabling network security administrators to automatically detect and review firewall performance problems. The FPgrowth algorithm identifies frequent itemsets, highlighting closely related events occurring together. The proposed data mining-driven framework demonstrates strong predictive power (R = 0.948, R Square = 0.898) and significant explanatory capability, evidenced by a high F-statistic (509.589, p < 0.0001) and impactful coefficients, particularly for the "actual frequency" variable. This framework enhances the efficiency of firewall log management, providing valuable insights for network security administrators.
Keywords
Firewalls; Network and Information Security; Data Mining; Logs; and Event Management
Statistics
Article View: 272
PDF Download: 219