Automatic firewall rules generator for anomaly detection systems with Apriori algorithm

TL;DR

This paper presents an innovative approach using the Apriori data mining algorithm to automatically generate firewall rules for detecting novel network anomaly attacks, enhancing intrusion detection systems.

Contribution

It introduces a novel application of the Apriori algorithm to create real-time firewall rules for identifying previously unseen attacks.

Findings

Effective detection of novel anomaly attacks

Automatic generation of firewall rules in real-time

Improved intrusion detection capabilities

Abstract

Network intrusion detection systems have become a crucial issue for computer systems security infrastructures. Different methods and algorithms are developed and proposed in recent years to improve intrusion detection systems. The most important issue in current systems is that they are poor at detecting novel anomaly attacks. These kinds of attacks refer to any action that significantly deviates from the normal behaviour which is considered intrusion. This paper proposed a model to improve this problem based on data mining techniques. Apriori algorithm is used to predict novel attacks and generate real-time rules for firewall. Apriori algorithm extracts interesting correlation relationships among large set of data items. This paper illustrates how to use Apriori algorithm in intrusion detection systems to cerate a automatic firewall rules generator to detect novel anomaly attack. Apriori is the best-known algorithm to mine association rules. This is an innovative way to find association rules on large scale.